Multics Security

please visit 7effects.com

"At a meeting in a Honeywell conference room, they handed me my password on a slip of paper. They'd exploited a bug in the obsolete interface put in for the XRAY facility, Jerry Grochow's thesis. This supervisor entry didn't do anything, but it accessed its arguments incorrectly, in a way that let the team cause the hardcore to patch itself. They'd used that hole to permanently install a tool that let them patch any location and read any file, and they'd obtained a copy of the password file from the MIT Multics site.
My code in the Multics User Control subsystem stored passwords one-way encrypted, at the suggestion of Joe Weizenbaum. I was no cryptanalyst; Joe had suggested I store the square of the password, but I knew people could take square roots, so I squared each password and ANDed with a mask to discard some bits. The Project ZARF folks then had to try 32 values instead of one, no big deal: except that there was a PL/I compiler bug in squaring long integers that gave wrong answers. If the compiler bug had been discovered and fixed, nobody would have been able to log in. The crackers had to construct some fancy tables to compensate for the 'Martian' arithmetic, but they still had only to try a few hundred values to invert the transform. (We quickly changed the encryption to a new stronger method, before Barry Wolman fixed the compiler bug.)"



please visit 7effects.com