Passwords

Prabhaker Mateti

Abstract:  We describe the password systems of Unix and Windows NT.  We also describe the cracking procedures. Prerequisites: Cryptography, Authentication

Table of Contents

1. Educational Objectives
2. Passwords on a Unix System
   1. The crypt() Function
   2. The shadow system
   3. /etc/passwd example
   4. /etc/shadow example
3. Passwords on a Windows NT System
4. Cracking the Passwords
   1. Social Engineering
   2. Dictionary Attack
5. Choosing Good Passwords
   1. DOs
   2. DON'Ts
6. One Time Password Authentication
   1. S/Key
7. Lab Experiment
8. Acknowledgements
9. References

Educational Objectives

1. Make you understand the limitations of the typical password schemes
2. Sketch how the S/key works
3. Sketch the cracking algorithms
4. Bring focus to social engineering of passwords.

Passwords

Passwords on a Unix System

On a Linux system (without the Shadow Suite installed), user information including passwords is stored in the /etc/passwd file. The password is stored in an encoded format.  The algorithm used to encode the password field is known as a one way hash function. The computation is easy in the encoding direction, but very time consuming to calculate in the reverse direction.

The crypt() Function

Unix crypt() function (not the crypt(1) program) is based on the Data Encryption Standard (DES).  It takes the first 8 characters of the password, assembles a 56-bit key from the low 7-bits of each of these 8 characters.  Using this key, a block of 64-zero-bits is encrypted into a 64-bit code.  This is repeated 25 times. The resulting 64-bit code appended with two zero bits is split into 11 six-bit numbers.  Each  six-bit number i is stored as a char q[i] from the sequence q == [., /, 0-9, A-Z, a-z] of 64 characters.  This computation is perturbed with a randomly generated value called the salt, a two-character string chosen from the q. The salt value is prepended resulting in a sequence of 13 characters.

As an example, the word "hello" was encoded in two different attempts yielding the following two results:

pwsS8k.3HrN8E
BNApDvUheWPoc


Because of the salt, any particular password could be stored in 4096 different ways.  The collection of such user data is in the publicly readable file /etc/passwd.  A typical user's entry in a non-shadowed /etc/passwd file has the following format:

loginName:passwd:UID:GID:fullName:homeDirectory:shell

When a user logs in and supplies a password, the salt is first retrieved from the stored encoded password. Then the user-supplied password is encoded with the salt value, and then compared with the encoded password. If there is a match, then the user is authenticated.

It is computationally difficult (but not impossible) to take a randomly encoded password and recover the original password. However, on any system with more than just a few users, at least some of the passwords will be common words (or simple variations of common words).

The shadow system

Modern Unix systems no longer store the encoded password in the /etc/passwd file.  Instead, it is stored in a file /etc/shadow (on Linux) which is not world-readable.

Here are examples of these files:  /etc/passwd and /etc/shadow.

Passwords on a Windows System

Microsoft practices to an extent "security via obscurity," and hence the following information (summarized from discussions on L0phtCrack) may be inaccurate.

NT/2000/XP stores user information including encrypted  passwords in the file WINDOWS\system32\config\sam  in an undocumented binary format. 

A Windows password is split into two seven-character halves, so effectively, the password is never harder to crack than a seven-character password. Another weakness is that  no 'salt' value is used to encrypt each users' password a little differently. NT machine effectively stores two passwords - the NT password, encrypted with the RC4 DES algorithm, and a weaker one, know as an LN, or LANMAN, that can be optionally disabled by a system administrator.  The latter passwords are needed for legacy support to interoperate with Windows 95 and 98.  Although Microsoft uses DES encryption, the system only scrambles the passwords with the algorithm once, compared to Unix systems, which run 24 iterations of DES on password files to stop brute-force crypto attacks and to slow down dictionary attacks. Encrypted Windows NT password files are readable for the administrator.

Using Linux LiveCD systems, chntpw and bkhive can recover Windows passwords.

Cracking the Passwords

There are many practical tools that crack passwords of both Linux and Windows.  Just search the web with words like "password recovery".

Social Engineering

Social engineering is a "term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem. See also the tiger team story in the patch entry, and rubber-hose cryptanalysis." [The New Hacker's Dictionary, http://www.catb.org/jargon/html/index.html ]

Most system administrators generate, for their users, initial passwords that are hard to remember.  Soon after the login, users change their passwords to something they prefer.  These range from names and birth dates of spouses, friends, relatives and friends to whatever.  An attacker who "stalks" a user often does a little bit of snooping around to discover these.

1997.01.02, PA News: A recent survey by Compaq in the financial district of London showed that poor choices are the norm for computer passwords there. A staggering 82% of the respondents said they used, in order of preference, ``a sexual position or abusive name for the boss" (30%), their partner's name or nickname (16%), the name of their favorite holiday destination (15%), sports team or player (13%), and whatever they saw first on their desk (8%).

Most users have the same password for their accounts on different systems.  An attacker who broke into one account usually discovers these other accounts by going through the memoranda that the user keeps in his files as well as by running keystroke loggers or simple sniffers.

Dictionary Attack

System crackers often encrypt a dictionary of words and common passwords using all possible 4096 salt values. Then they will compare the encoded passwords in your /etc/passwd file with their database. Once they have found a match, they have the password for another account. This is one of the most common methods for gaining or expanding unauthorized access to a system. Good machine-readable collections of dictionaries are essential for cracking.

An 8 character password encodes to one of 4096 * 13 character strings. So, a dictionary of say 2,000,000 common words, names, passwords, and simple variations would easily fit on a 20GB hard drive. The attacker need only sort them, and then check for matches.  A 500 GB hard disk now (May 2008) sells for under $100.

Also, if crackers obtain your /etc/passwd and /etc/shadow files first, they only need to encode the dictionary with the salt values actually contained in your /etc/passwd /etc/shadow files.

Choosing Good Passwords

Don't Use the following for passwords: Your first name. Your last name. Your login name. Your pet's name. Any name at all. SS number. House number.  Telephone number. Your bank PIN. Any password shorter than six characters.

Do Use passwords of six characters or more. Use a combination of letters, numbers, and special characters.

One Time Password (OTP) Authentication

Because of the "human issues" (referred to above as wetware) involved, a password that can be used only once is becoming the de facto choice.  This OTP is generated from a user's secret pass-phrase that the user remembers or holds in a credit-card size "device", and a  number that is randomly generated.  OTP provides protection from eavesdropping, and dictionary attacks.  OTP evolved from the S/KEY, and many current packages are still named after "skey".   See [RFP 2289] for full technical details of OTP.

S/Key is a one-time password scheme based on one-way hash functions, described in Cryptography.    It is based on a memorized secret password and does not require a special device. It can be fully or partially automated for authentication from a trusted system. It uses no secret algorithms and no secrets are stored on host.

There are four programs involved in the S/Key system. (Note that the names of the programs may have been changed by different packages.)

1. A program called skey uses three inputs to generate a one-time password.  These are:  (1) a ``secret pass phrase'',  (2) the ``seed''  (which is sometimes, confusingly, called a ``key'') consisting of two letters and five digits, and (3)  the ``iteration count'', a number between 1 and 100.
2. The `keyinit' program is used to initialize S/Key, and to change passwords, iteration counts, or seeds; it takes either a secret password, or an iteration count, seed, and one-time password.
3. The `keyinfo' program examines the /etc/skeykeys file and prints out the invoking user's current iteration count and seed.
4. The `login' and `su' programs contain the necessary logic to accept S/Key one-time passwords for authentication. The `login' program is also capable of disallowing the use of UNIX passwords on connections coming from specified addresses.

Here is how one uses the S/key.

1. Run "keyinit -s" locally on your machine.
   1. "sequence count" is the number of logins before you must change your pass phrase. Enter, say, "99".
   2. Enter new key: hit return.
2. Paste the string that looks like "99 sh12345" into the skey calculator. Type in a  passphrase. It can be anything you want but ought to be 5 words.  E.g. "Lara likes thingz and stuff" or "web surfing is phun but can be addictive". Case matters.
3. Hit the "calculate" button. Paste the resulting English words into the shell window.
4. You have just set up an s/key passphrase. To login via s/key in the future, grab the string that looks like "99 sh12345" and paste it into your s/key calculator. Type in your passphrase to generate the response and paste this back into the telnet or ftp window.

Lab Experiment

All work should be carried out in Operating Systems and Internet Security (OSIS) Lab, 429 Russ.   No other WSU facilities are allowed.

Objectives: (1) To help you gauge the level of security offered by the typical password systems. (2) To familiarize you to the various "security sites." (3) To familiarize you with standard "program building" features such as configure and make.

1. Downloads
   1. Download at least two password cracking programs for Linux.  (You can find several by searching the web.  If several of you happen to choose the same two tools, your instructor will ask you explain this suspicious coincidence.)
   2. Depending on the tools downloaded, you will need to build/run it differently, or install it.  Do this as an ordinary user, not as root, unless impossible.
   3. You may also need to download "dictionaries" for use by the tools.
2. Login to Linux.  No need to login as root.  These tools are usable as ordinary users.
3. Cracked Examples
   1. Your overall goal is to crack the contents of /etc/passwd and /etc/shadow files which are taken from our OSIS Lab accounts from a previous term. 
   2. See how many pass words the two programs can crack and how fast. This can take several minutes to hours.
   3. You may want to construct your own examples of the passwd and shadow files, where you know the passwords you used.
4. Tabulate the results.
5. "Design" a password that is not crackable by any of the tools (at least the two you used).
6. Turn in a Lab Report explaining how you carried out all the above with details.

Acknowledgements

This work was supported in part by NSF DUE-9951380.

References

1. Simson Garfinkel, Gene Spafford, Practical Unix and Internet Security, 2nd edition (April 1996), O'Reilly & Associates; ISBN: 1565921488.  Chapter 8 Defending Your Accounts. Recommended Reading.
2. Prabhaker Mateti, Cryptography in Internet Security, A lecture from a course on Internet Security. www.cs.wright.edu/ ~pmateti/Courses/429/.  Required Reading.
3. Prabhaker Mateti, Authentication, A lecture from a course on Internet Security.  www.cs.wright.edu/~pmateti/ InternetSecurity/ Lectures/ Authentication  Required Reading.
4. L0pht, L0phtCrack, an NT password auditing tool. LC5 is the latest version. http://www.google.com/search?q=l0phtcrack
5. Password Cracking FAQ, http://www.password-crackers.com/ Also has links to many down loadable cracking tools.  Highly Recommended Reading
6. N. Haller, C. Metz, P. Nesser, M. Straw, "A One-Time Password System," RFP 2289, February 1998.
   http://www.ietf.org/rfc/rfc2289.txt Reference.
7. ByungRae Cha, ChulWon Kim, "Password Generation of OTP System using Fingerprint Features",
   2008 International Conference on Information Security and Assurance (ISA 2008) pp. 243-247.  Recommended Reading