[ previous ] [ next ] [ threads ]
 From:  "Paul Rae" <PRae at aminocom dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] feature request (hidden and encrypted passwords/pre-sharde keys)
 Date:  Sat, 7 May 2005 21:47:14 +0100
No all it would do is give a false sense of security. No matter how you encrypt / obfuscate it on
the box, it needs to be sent clear when its used.
All it would take is a simple sniffer and you would get it.
Its wrong to give people a false sense of security.

	-----Original Message----- 
	From: Claude Morin [mailto:klodefactor at gmail dot com] 
	Sent: Thu 05/05/2005 23:48 
	Cc: m0n0wall at lists dot m0n0 dot ch 
	Subject: Re: [m0n0wall] feature request (hidden and encrypted passwords/pre-sharde keys)

	[Sorry to resurrect this, but I have a kooky idea. I have no illusions about
	implementing it, it's more intended to nail down my understanding of this
	Is it possible that the problem with this discussion is that everyone
	assumes some sort of fixed obfuscation algorithm in the m0n0wall sources?
	Instead, couldn't an installed m0n0wall store a secret key that is
	notincluded in the
	config.xml file? The secret would be set from the physical console menu, and
	stored elsewhere in the installed m0n0wall image.
	Whenever DynDNS or PPP or anything else needs a password, the local secret
	key would be used to decrypt (in memory only) the appropriate config.xmlentry.
	As I said, it's a kooky idea and probably breaks a bunch of design goals,
	but would it work?
	On 4/21/05, Chris Buechler <cbuechler at gmail dot com> wrote:
	> On 4/21/05, Christoph hanle <christoph dot hanle at leinpfad dot de> wrote:
	> > Neil A. Hillard schrieb:
	> > >>i think it is no good solution, that in the webgui and the config.xml
	> > >>the passwords for ppoe etc. and the pre-shared-key are always in
	> > >>cleartype visible; the admin password is hidden or encrypted
	> > >>respectively. Imho is this a big problem with the security.
	> > > Try:
	> > >
	> > > http://www.m0n0.ch/wall/docbook/faq-plaintextpass.html
	> > >
	> >
	> > Thx, i have overlooked this part, but i think it might be possible to
	> > encrypt/decrypt these passwords for example against the admin-password.
	> > And in the web-gui you can use the "hidden" tag.
	> > but i still think, this is a big security hole, that should be fixed.
	> It can't be fixed. Any "fix" would be nothing more than obfuscation.
	> Creating a false sense of security is worse than making it clear there
	> should be *no* sense of security.
	> That FAQ explains why very well.
	> -Chris
	> ---------------------------------------------------------------------
	> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
	> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch