No, you did not miss anything...
Authored by: themostbob on Apr 16, '02 11:26:04AM

This isn't a security issue if you're used to multiuser environments. If the system needs to have access to cleartext passwords for keychain use, there's no reason why you couldn't view them in Keychain Access. They have to be stored in a reversible form anyway, so nothing could keep them fully secure. The point is, they don't have to be secure from the user, only others.

Now, that said, I'll bring up this point - what's stopping someone from making a keychain accessing app that culls your keychain for passwords? If this is a simple thing to make then I'm the first to jump up and yell at Apple to implement PAM or hash the passwords in some way (though I don't know how they would be useful given the way keychain works). Any keychain hackers out there want to pipe up?



No, you did not miss anything...
Authored by: etrepum on Apr 16, '02 07:27:54PM

I think you're confused. The whole point of the keychain is that you can recover the plaintext passwords from the crypt passwords with the proper challenge phrase (which is not the same as the plaintext password itself). A hashing algorithm is one way, and is only useful for seeing if the hashed password is equal to the plaintext password; it will not work in a scenario when you have a challenge phrase that differs from the password you are trying to decrypt. What good is a keychain if you have to know all the passwords anyways?

In any case, PAM is a different, yet also irrelevant, story. PAM is a system for Pluggable Authentication Modules, and is largely independent of any particular cryptography or credentials scheme. Basically, you write a PAM module and configuration for that module, and an application can say to the PAM daemon, "Hey, this guy has these credentials and I want to let him do X, can he?" and the daemon will respond with yes or no. PAM encompasses quite a bit more than this, but that's the general idea. This requires all the applications on the system to know about the PAM daemon, and also to trust the PAM daemon. Again, the whole point of the keychain is that you can recover the plaintext passwords from the keychain so that you may use them for communication with either local or most importantly remote systems. Remote systems are not going to trust your local PAM daemon by any means, so.. you lose. PAM would only be used at the user level with the keychain, where the keychain could ask the PAM daemon if this user is allowed to decrypt a particular key with these credentials and authentication. It's not going to change anything regarding what the keychain thingee does with said keys. This is the reason Apple hasn't implemented PAM with Darwin: they haven't found a compelling reason to spend the development effort doing so when they have so much else to fix.. PAM doesn't change much, it just lets your authentication systems be more dynamic, i.e. having /etc/password being encrypted in md5 or sha or blowfish or whatever the hell else the user feels like. I'd imagine there are PAM modules for more esoteric things like the s/key systems. PAM is also useful for more distributed applications where the particular PAM module can contact a remote host for the answer, as in talking to a Windows Domain Controller [cringe], IMAP Server, Kerberos thing, or whatever you want.



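The hash-versus-keychain distinction from the comment above, as an added example that is not part of the original thread and is not Apple's keychain code: a hash can only confirm a guess, while an item encrypted under a key derived from a separate passphrase can be recovered. The function names, the PBKDF2 iteration count, the sample values and the HMAC-based keystream (a standard-library stand-in for a real authenticated cipher) are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password: str, salt: bytes) -> bytes:
    """One-way: the stored value can only be compared against a guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_hash(candidate: str, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(hash_password(candidate, salt), stored)

def _keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]  # encryption key, MAC key

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(passphrase: str, secret: str) -> bytes:
    """Reversible: encrypt a stored password under a passphrase-derived key."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    ct = _xor_stream(enc_key, nonce, secret.encode())
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(passphrase: str, blob: bytes) -> str:
    """Recover the stored password; fails closed on a wrong passphrase."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted item")
    return _xor_stream(enc_key, nonce, ct).decode()

if __name__ == "__main__":
    blob = seal("keychain passphrase", "imap-secret")  # constructed sample values
    print(unseal("keychain passphrase", blob))
```
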