This is the old XigmaNAS forum in read-only mode;
it will be taken offline by the end of March 2021!




Plaintext passwords


Post by gperks »

If one looks at config.xml, one will find all your passwords in plaintext!

su
grep password /conf/config.xml

While you do need root access for this, I believe this file is stored on the boot drive, which for many is a USB stick I could easily snatch for a few minutes and examine on another machine.

This is a risk people should be aware of.

I can't think of a good solution for this besides not storing the passwords at all. What would be the impact of that?


Post by Onichan »

The real solution would be storing a salt and hash, and not just a single-round hash, as that's too weak nowadays as well. Would need to either use bcrypt or at least a few hundred thousand rounds of SHA hashes with a salt.

Anyways if somebody has unauthorized physical access to your NAS then that's the bigger problem.


Post by gperks »

Thanks Onichan.

I disagree about hashes being a solution. Presumably the NAS4Free scripts need access to your various passwords for a reason (updating the system upon Apply Changes?). A hash is inappropriate here - those are for verifying passwords. The whole point of a hash is that you can't get back to the password itself.

Improved security would remove the passwords from the config.xml and require the admin to enter the password when applying changes. Alternatively one could encrypt the passwords in config.xml but then you need yet another password to decrypt!


Post by Onichan »

Keeping a hash is standard practice for anything with decent security. You don't need to keep the password in plaintext or even reversible encryption for most things.

To authenticate a user using a hash, the user enters their password and the system hashes it, then it compares the new hash to the stored one. If they match then it's the correct password, pretty simple.

If you remove the passwords from the config.xml where would you store them? They must exist somewhere and having them in the backup is good so you don't have to re-enter all user passwords again when restoring.
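
Added example, not part of either poster's message and not NAS4Free code: the salted, many-round hash-and-compare scheme described in the post above, using only Python's standard library. The one-line record format, the 300,000-iteration count and the sample password are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGO = "pbkdf2_sha256"       # record label, assumed for this example
ITERATIONS = 300_000         # assumed reading of "a few hundred thousand rounds"
MAX_ITERATIONS = 5_000_000   # refuse records that would stall the verifier


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a one-line record that can be kept in a config file or backup."""
    salt = secrets.token_bytes(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"{ALGO}${iterations}${b64(salt)}${b64(digest)}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    try:
        algo, rounds_s, salt_b64, digest_b64 = record.split("$")
        rounds = int(rounds_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False  # malformed or truncated record
    if algo != ALGO or not 1 <= rounds <= MAX_ITERATIONS:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "constructed-example-pw"  # constructed sample value
    record = hash_password(pw)
    print(record)  # contains the salt and the hash, never the password
    print(verify_password(pw, record), verify_password("guess", record))
```

A record like this survives a backup and restore unchanged, so users do not have to re-enter passwords. It can only verify a login; it cannot be turned back into the plaintext that other tools may require.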


Post by gperks »

I fully agree with you on how hashes are used. However config.xml is not the place for a hash since what NAS4Free needs is the password itself, not a 1-way hash.

My question was, what does NAS4Free need the passwords for? Your answer, so they don't have to be re-entered upon restore. What kind of password policy avoids users having to type them in?!

Unix, a long time ago, stored plaintext passwords in /etc/password, because only root could read that file. But even by 1979 they realized what a bad idea that was, see http://www.cs.yale.edu/homes/arvind/cs4 ... ix-sec.pdf.

This is a balance between security and convenience. My belief is that storing plaintext passwords is too far towards convenience.

Does NAS4Free itself need to know these passwords in order to operate, or does running as root give it all the access it needs?


Post by daoyama »

For short test, it's very hard to store a hash in config.xml.
Samba uses an NTLM hash, which can be stored in passdb.tdb by smbpasswd or pdbedit from plain text only.
At least, you cannot use any user/password for Samba (Windows share) if you store a hashed password.
