CEG 499/699: Internet Security College of Engineering & CS Wright State University Dayton, Ohio 45435-0001

Passwords   Prabhaker Mateti   Abstract:  We describe the password systems of Unix.  We also describe the cracking procedures.   This work is supported in part by NSF DUE-9951380.

Table of Contents

1. Educational Objectives
2. Lab Experiment
3. Acknowledgements
4. References

Educational Objectives

1. Make you understand the limitations of the typical password schemes
2. Sketch how the S/key works
3. Sketch the cracking algorithms
4. Bring focus to social engineering of passwords.

Passwords

Passwords on a Unix System

On a typical Unix system (without the Shadow Suite installed), user information including passwords is stored in the /etc/passwd file. The password is stored in an encoded format.  The algorithm used to encode the password field is known as a one way hash function. The computation is easy in the encoding direction, but very time consuming to calculate in the reverse direction.

Unix crypt() function (not the crypt(1) program) works as follows.  It takes the first 8 characters of the password, and catenates the low 7-bits of each of these 8 characters into  a 56-bit key.  Using this key a sequence of 64-zero-bits is encrypted into a 64-bit code.  This code is split into 11 six-bit numbers.  Each  six-bit number i is stored as a char q[i] from the sequence q == [., /, 0-9, A-Z, a-z] of 64 characters.  This computation is perturbed with a randomly generated value called the salt, a two-character string chosen from the q. The salt value is prepended resulting in a sequence of 13 characters.

As an example, the password "hello" was encoded in two different attempts yielding the two results:

pwsS8k.3HrN8E
BNApDvUheWPoc


Any particular password could be stored in 4096 different ways.  The collection of such user data is in the publicly readable file /etc/passwd.  A typical user's entry in a non-shadowed /etc/passwd file has the following format:

loginName:passwd:UID:GID:fullName:homeDirectory:shell

When a user logs in and supplies a password, the salt is first retrieved from the stored encoded password. Then the supplied password is encoded with the salt value, and then compared with the encoded password. If there is a match, then the user is authenticated.

The shadow system

A number of Unix utilities read the /etc/passwd file to obtain other (non-password, such as user's full name) data about a user.  Consequently, this file must continue to have read-permission enabled.  Modern Unix systems no longer store the encoded password in the /etc/passwd file; the password field of the entries in this file now contains a useless value.  Another file /etc/shadow (on Linux), which is not world-readable, but whose format is identical to that of /etc/passwd, stores the encrypted password.  See Linux Shadow Password HOWTO (listed in the References) for more details.

Cracking the Passwords

It is computationally difficult (but not impossible) to take a randomly encoded password and recover the original password. The key space consists of 2^56 possible values. Exhaustive searches of this key space are possible using massively parallel computers.  However, the real problem is not that an attacker could spend enormous computational power in guessing a password.  On any system with more than just a few users, at least some of the passwords will be common words (or simple variations of common words). 

A couple of entries from The Jargon File:

• social engineering: n. Term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem. See also the tiger team story in the patch entry.
• wetware: /wet'weir/ [prob. from the novels of Rudy Rucker] n. 1. The human nervous system, as opposed to computer hardware or software. "Wetware has 7 plus or minus 2 temporary registers." 2. Human beings (programmers, operators, administrators) attached to a computer system, as opposed to the system's hardware or software. See liveware, meatware.

Dictionary Attack

System crackers will simply encrypt a dictionary of words and common passwords using all possible 4096 salt values. Then they will compare the encoded passwords in your /etc/passwd file with their database. Once they have found a match, they have the password for another account. This is one of the most common methods for gaining or expanding unauthorized access to a system.

An 8 character password encodes to one of 4096 * 13 character strings. So a dictionary of say 400,000 common words, names, passwords, and simple variations would easily fit on a 4GB hard drive. The attacker need only sort them, and then check for matches.  A 40 GB hard disk now (Mar 2001) sells for under $100.

Good machine-readable collections of dictionaries are essential for cracking.

Also, if crackers obtain your /etc/passwd file first, they only need to encode the dictionary with the salt values actually contained in your /etc/passwd file.

Choosing Good Passwords

Most people continue to choose easy-to-guess passwords.

1997.01.02, PA News: A recent survey by Compaq in the financial district of London showed that poor choices are the norm for computer passwords there. A staggering 82% of the respondents said they used, in order of preference, ``a sexual position or abusive name for the boss" (30%), their partner's name or nickname (16%), the name of their favorite holiday destination (15%), sports team or player (13%), and whatever they saw first on their desk (8%).

Don't Use the following for passwords: Your first name. Your last name. Your login name. Your pet's name. Any name at all. SS number. House number.  Telephone number. Your bank PIN. Any password shorter than six characters.

Do Use passwords of six characters or more. Use a combination of letters, numbers, and special characters.

S/Key

S/Key is a one-time password scheme based on a one-way hash function.  There are four programs involved in the S/Key system.

1. A program called skey uses three data items to generate a one-time password.  These are   a (1) ``secret password'',  (2) the ``seed'' or (confusingly) ``key'', and consists of two letters and five digits, and (3)  the ``iteration count'', a number between 1 and 100.
2. The `keyinit' program is used to initialize S/Key, and to change passwords, iteration counts, or seeds; it takes either a secret password, or an iteration count, seed, and one-time password.
3. The `keyinfo' program examines the /etc/skeykeys file and prints out the invoking user's current iteration count and seed.
4. The `login' and `su' programs contain the necessary logic to accept S/Key one-time passwords for authentication. The `login' program is also capable of disallowing the use of UNIX passwords on connections coming from specified addresses.

Here is how one uses the S/key.

1. Run "keyinit -s" locally on your machine.
   1. "sequence count" is the number of logins before you change your passphrase Enter say` "99".
   2. Enter new key: hit return.
2. Paste the string that looks like "99 sh12345" into the skey calculator. Type in a  passphrase. It can be anything you want but ought to be 5 words.  E.g. "Lara likes thingz and stuff" or "web surfing is phun but can be addictive". Case matters.
3. Hit the "calculate" button. Paste the resulting English words into the shell window.
4. You have just set up an s/key passphrase. To login via s/key in the future, grab the string that looks like "99 sh12345" and paste it into your s/key calculator. Type in your passphrase to generate the response and paste this back into the telnet or ftp window.

Lab Experiment

All work should be carried out in Operating Systems and Internet Security (OSIS) Lab, 429 Russ.   No other WSU facilities are allowed.

Objective: To help you gauge the level of security offered by the typical password systems.

1. Examine the content of /etc/passwd file on a machine in the lab.  Crack as many pass words as you can.
2. Download at least one password cracking program.  [You can find several by searching the web.  Crack is a well known password audit program.  Find it on www.securityfocus.com.] See how many pass words it can crack and how fast.  Tabulate the results.
3. "Design" a password that is not crackable by any of the tools.

Acknowledgements

References

1. Simson Garfinkel, Gene Spafford, Practical Unix and Internet Security, 2nd edition (April 1996), O'Reilly & Associates; ISBN: 1565921488.   Recommended Reading: Chapter 8 Defending Your Accounts.
2. Prabhaker Mateti, Security Fortification, June 2000.  A lecture from a course on Internet Security. www.cs.wright.edu/~pmateti/InternetSecurity
3. Michael H. Jackson,  Linux Shadow Password HOWTO,  April 1996, http://metalab.unc.edu/linux/HOWTO/Shadow%2DPassword%2DHOWTO.html
4. Bruce Schneier, "Applied Cryptography: Protocols, Algorithms, and Source Code in C", John Wiley & Sons; ISBN: 0471117099
5. L0pht, L0phtCrack 2.52, an NT password auditing tool, http://www.l0pht.com/l0phtcrack/
6. Password Cracking FAQ, http://www.password-crackers.com/pwdcrackfaq.html  Also has links to many down loadable cracking tools.
7. Joe Sanjour, Andrew Arensburger, Anne Brink, Choosing a Good Password, 02-Jun-1999 http://www.cs.umd.edu/faq/Passwords.shtml
8. Eric S Raymond (maintainer), The Jargon File.  This file is a common heritage of the hacker culture.  Here hacker is used in the "good" sense, not as a synonym for attacker . The file is archived in many locations; here is one: http://www.tuxedo.org/~esr/jargon/