Abstract: We describe the password systems of Unix and Windows NT and up. We also describe the cracking procedures. Prerequisites: Cryptography, Authentication
Other Internet Security Lectures by Mateti/etc/passwd example/etc/shadow exampleOn a Linux system (without the Shadow Suite installed), user information including passwords is stored in the /etc/passwd file. The password is stored in an encoded format. The algorithm used to encode the password field is a one way hash function. The computation is easy in the encoding direction, but very time consuming to calculate in the reverse direction.
Modern Linux distributions, such as Ubuntu and RedHat, default to using the Message-Digest Algorithm (MD5) and shadow passwords.
An alternative used in most Unix and older Linux distributions is based on Data Encryption Standard (DES) format. This format limits passwords to eight characters and provides a modest 56-bit level of encryption. Unix crypt() function (not the crypt(1) program) is based on the Data Encryption Standard (DES). The encoded version of the plain text password is computed as follows.
Because of the salt, any particular password could be stored in 4096 different ways. As an example, the admittedly weak password hello was encoded in two different attempts yielding the following two results:
pwsS8k.3HrN8E
BNApDvUheWPoc
The collection of such user data is in the file /etc/passwd. A typical user's entry in a non-shadowed /etc/passwd file has the following format:
loginName:encodedpasswd:UID:GID:fullName:homeDirectory:shell
The colons separate the various fields. When a user logs in and supplies a plain text password, the salt is first retrieved from the stored encoded password. Then the user-supplied password is encoded with the salt value, and then compared with the encoded password. If there is a match, then the user is authenticated.
It is computationally difficult (but not impossible) to take a randomly encoded password and recover the original password. However, on any system with more than just a few users, at least some of the passwords will be common words (or simple variations of common words).
The /etc/passwd file is required to be publicly readable because many legacy programs extract the various fields stored in the password file. Modern Unix systems no longer store the encoded password in the /etc/passwd file. Instead, it is stored in a file /etc/shadow (on Linux), whose structure is the same as that of /etc/passwd but which is not world-readable.
Here are examples of these files: /etc/passwd and /etc/shadow.
MD5 passwords do not eliminate the threat of password cracking. They just make cracking passwords much more time consuming.
An MD5 password is stored in the /etc/shadow in the encoded password as follows.
student:$1$l67ia9iK$x80ABcEExHYMVpMx.Bls5.:13749:0:99999:7::: jsmith:$1$Y4.kjoQ2$GIuEZcnQVPYi7RPWrQRTE.:14036:0:99999:7::: jtripper:$1$WH2SxqnX$rL0J6JYshB3wl6yBm90Bd1:13887:0:99999:7:::
The encoded password field contains three dollar signs. Between the first pair $1$ is referred to as the "magic" and is used to determine if this is a MD5 hash or not. The second pair encloses $l67ia9iK$ the salt. The characters following the third dollar upto the colon, namely x80ABcEExHYMVpMx.Bls5., is the MD5 hash of password.
Look up the man page for the commands named: md5sum, userdbpw.
Note that MD5 is now considered breakable. From an MD5Crack Website: MD5 speed: 5081455 MD5 hashes/sec. Current time needed to break all 8 chars length passwords : [a-zA-Z0-9]{1,8} ... 497 days, [a-z0-9]{1,8} ...... 6 days. TheMD5 hash: b9b83bad6bd2b4f7c40109304cf580e1 resolves to "expert".
From Ubuntu Wiki: Since MD5 is considered "broken", Ubuntu 8.10 and later
moved to using salted SHA512 password hashes (crypt id 6), which are several
orders of magnitude more difficult to brute-force or generate rainbow tables
for.
Microsoft practices to an extent "security via obscurity," and hence the following information (summarized from discussions on L0phtCrack) may be inaccurate.
NT/2000 stores user information including encrypted passwords in the file \winnt\system32\config\sam. This file is a part of the registry, in an undocumented binary format.
An NT password is split into two seven-character halves, so effectively, the password is never harder to crack than a seven-character password. Another weakness is that no 'salt' value is used to encrypt each users' password a little differently. NT machine effectively stores two passwords - the NT password, encrypted with the RC4 DES algorithm, and a weaker one, know as an LN, or LANMAN, that can be optionally disabled by a system administrator. The latter passwords are needed for legacy support to interoperate with Windows 95 and 98. Although Microsoft uses DES encryption, the system only scrambles the passwords with the algorithm once, compared to Unix systems, which run 24 iterations of DES on password files to stop brute-force crypto attacks and to slow down dictionary attacks. Encrypted Windows NT password files are readable for the administrator.
Social engineering is a "term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem. See also the tiger team story in the patch entry, and rubber-hose cryptanalysis." [The New Hacker's Dictionary, http://www.catb.org/jargon/html/index.html ]
Most system administrators generate, for their users, initial passwords that are hard to remember. Soon after the login, users change their passwords to something they prefer. These range from names and birth dates of spouses, friends, relatives and friends to whatever. An attacker who "stalks" a user often does a little bit of snooping around to discover these.
1997.01.02, PA News: A recent survey by Compaq in the financial district of London showed that poor choices are the norm for computer passwords there. A staggering 82% of the respondents said they used, in order of preference, ``a sexual position or abusive name for the boss" (30%), their partner's name or nickname (16%), the name of their favorite holiday destination (15%), sports team or player (13%), and whatever they saw first on their desk (8%).
Most users have the same password for their accounts on different systems. An attacker who broke into one account usually discovers these other accounts by going through the memoranda that the user keeps in his files as well as by running keystroke loggers or simple sniffers.
System crackers often encrypt a dictionary of words and common passwords using all possible 4096 salt values. Then they will compare the encoded passwords in your /etc/passwd file with their database. Once they have found a match, they have the password for another account. This is one of the most common methods for gaining or expanding unauthorized access to a system. Good machine-readable collections of dictionaries are essential for cracking.
An 8 character password encodes to one of 4096 * 13 character strings. So, a dictionary of say 2,000,000 common words, names, passwords, and simple variations would easily fit on a 20GB hard drive. The attacker need only sort them, and then check for matches. A 2000 GB hard disk now (Mar 2011) sells for under $100.
Also, if crackers obtain your /etc/passwd file first, they only need to encode the dictionary with the salt values actually contained in your /etc/passwd file.
Don't Use the following for passwords: Your first name. Your last name. Your login name. Your pet's name. Any name at all. SS number. House number. Telephone number. Your bank PIN. Any password shorter than six characters.
Do Use passwords of six characters or more. Use a combination of letters, numbers, and special characters. E.g., the following is found on the web.
Because of the "human issues" (referred to above as wetware) involved, a password that can be used only once is becoming the de facto choice. This OTP is generated from a user's secret pass-phrase that the user remembers or holds in a credit-card size "device", and a number that is randomly generated. OTP provides protection from eavesdropping, and dictionary attacks. OTP evolved from the S/KEY, and many current packages are still named after "skey". See [RFP 2289] for full technical details of OTP.
S/Key is a one-time password scheme based on one-way hash functions, described in Cryptography. It is based on a memorized secret password and does not require a special device. It can be fully or partially automated for authentication from a trusted system. It uses no secret algorithms and no secrets are stored on host.
There are four programs involved in the S/Key system. (Note that the names of the programs may have been changed by different packages.)
Here is how one uses the S/key.
All work should be carried out in Operating Systems and Internet Security (OSIS) Lab, 429 Russ. No other WSU facilities are allowed.
Objectives: (1) To help you gauge the level of security offered by the typical password systems. (2) To familiarize you to the various "security sites." (3) To familiarize you with standard "program building" features such as configure and make.
This work was supported in part by NSF DUE-9951380.