From: Rich Graves <llurch@networking.stanford.edu>
To: cypherpunks@toad.com
Message Hash: 0be0544bd5c0ef34acf9c507a6b77ba080a8a6cbc1a8b9692a499f60b2c76fff
Message ID: <Pine.ULT.3.91.960120151615.6696B-100000@Networking.Stanford.EDU>
Reply To: N/A
UTC Datetime: 1996-01-21 03:27:34 UTC
Raw Date: Sun, 21 Jan 1996 11:27:34 +0800
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 21 Jan 1996 11:27:34 +0800
To: cypherpunks@toad.com
Subject: Idea for "friendly" Windows password hack
Message-ID: <Pine.ULT.3.91.960120151615.6696B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain
[Let me say up front that beyond a lot of perl hacking, I've never had
a need to code my way out of a paper bag, so this is not something I'd
be able to implement myself, at least not without a month of study.]
OK, so we know how to crack .PWL files, and how any program (virus, trojan
horse, Windows Help file calling a DLL beginning with ASCII 229 so that
virus scanners can't see it) can obtain usernames, passwords, etc. even if
persistent "password caching" to disk has been turned off.
How might Microsoft (or someone else) address this without forcing users
to quit all applications and "log out" of Windows to purge the temporary
"password cache" in RAM? I.e., I don't care much about and know I can't
count on the security of my PC as such, and it's really convenient to
leave a zillion Popular Web Browser windows open when I walk out of my
office, but I don't like the idea that anyone might walk up to my PC and
log on as me to the otherwise (more or less) secure servers I use.
In thinking about how MacOS PowerTalk deals with this by allowing the user
to "lock" and "unlock" their keychain at will, it occurred to me that
there's no particular reason we should just have to "look, don't touch"
the password cache in RAM. After all, it's our insecure single-user
operating system, and our passwords.
Why not provide a way to grab the passwords cached in RAM, encrypt them
securely, put them away somewhere, and scramble the original copy of the
passwords in RAM so that Microsoft's code can't get to them?
We don't need no steenking user interface. Actually, the first cut at
this wouldn't really need to encrypt them securely, but just deny them to
the OS, and restore them to the OS, on demand.
Just a quick demo of how Microsoft can and should resolve this issue would
have people beating down our door, and we'd unambiguously be the good
guys. Because we'd be providing the solution, there would be no further
moral qualms about posting full details and full source code.
-rich
owner-win95netbugs@lists.stanford.edu
ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
gopher://quixote.stanford.edu/1m/win95netbugs
http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html
Return to January 1996
Return to “Rich Graves <llurch@networking.stanford.edu>”
1996-01-21 (Sun, 21 Jan 1996 11:27:34 +0800) - Idea for “friendly” Windows password hack - Rich Graves <llurch@networking.stanford.edu>