Sorry if this sounds a bit argumentative, but it's a bit late so I'm in a
hurry. This is just for the sake of discussion...
I can think of three places that DynDNS, PPP, etc. passwords need to be
protected: on the m0n0wall, in backup copies of config.xml, and when they're
used by the relevant protocol.
I'll assume the m0n0wall gets it right :-), and the protocols can look out
for themselves. That leaves only backup copies of config.xml, and a local,
secret password could protect those passwords.
I agree that security through obscurity doesn't provide any real security at
all. There are two things I don't understand so far in this discussion:
- why opening another line of attack (via cleartext passwords in file
backups of the configuration) is a good way to avoid giving people a false
sense of security.
- why people shouldn't take responsibility for understanding how
On 5/7/05, Paul Rae <PRae at aminocom dot com> wrote:
> No all it would do is give a false sense of security. No matter how you
> encrypt / obfuscate it on the box, it needs to be sent clear when its used.
> All it would take is a simple sniffer and you would get it.
> Its wrong to give people a false sense of security.
> -----Original Message-----
> From: Claude Morin [mailto:klodefactor at gmail dot com]
> Sent: Thu 05/05/2005 23:48
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] feature request (hidden and encrypted
> passwords/pre-sharde keys)
> [Sorry to resurrect this, but I have a kooky idea. I have no illusions
> implementing it, it's more intended to nail down my understanding of this
> Is it possible that the problem with this discussion is that everyone
> assumes some sort of fixed obfuscation algorithm in the m0n0wall sources?
> Instead, couldn't an installed m0n0wall store a secret key that is
> notincluded in the
> config.xml file? The secret would be set from the physical console menu,
> stored elsewhere in the installed m0n0wall image.
> Whenever DynDNS or PPP or anything else needs a password, the local secret
> key would be used to decrypt (in memory only) the appropriate
> As I said, it's a kooky idea and probably breaks a bunch of design goals,
> but would it work?
> On 4/21/05, Chris Buechler <cbuechler at gmail dot com> wrote:
> > On 4/21/05, Christoph hanle <christoph dot hanle at leinpfad dot de> wrote:
> > > Neil A. Hillard schrieb:
> > > >>i think it is no good solution, that in the webgui and the
> > > >>the passwords for ppoe etc. and the pre-shared-key are always in
> > > >>cleartype visible; the admin password is hidden or encrypted
> > > >>respectively. Imho is this a big problem with the security.
> > > > Try:
> > > >
> > > > http://www.m0n0.ch/wall/docbook/faq-plaintextpass.html
> > > >
> > >
> > > Thx, i have overlooked this part, but i think it might be possible to
> > > encrypt/decrypt these passwords for example against the
> > > And in the web-gui you can use the "hidden" tag.
> > > but i still think, this is a big security hole, that should be fixed.
> > It can't be fixed. Any "fix" would be nothing more than obfuscation.
> > Creating a false sense of security is worse than making it clear there
> > should be *no* sense of security.
> > That FAQ explains why very well.
> > -Chris
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch