passwds and crypt(3)...

Jonathan I. Kamens jik at athena.mit.edu
Wed Jan 3 09:20:52 AEST 1990 

In article <21913 at adm.BRL.MIL>, mwood!attcc!hpn at att.att.com writes:
> I don't understand the meaning behind use the /etc/shadow file.  All it does
> is holds the encrypted passwords, right? (like, AkhjfuDe2,md )
> What's the use?

  I noticed that someone else gave a brief explanation of why publicly
readable encrypted passwords can be a bad thing, but it wasn't very
thorough, so I want to give a more detailed explanation.  This is
comp.unix.questions, and not comp.unix.wizards, after all.

  The password entries in the /etc/passwd file actually consist of two
pieces of information.  The first two characters are the "seed", which
are fed to the crypt() library function (see the man page for it for
more information) along with your plain-text password when the password
is encrypte.  The seed is used by the crypt() function to perturb the
encryption algorithm in a way that will make different seeds produce
different encrypted password string.  More on the purpose of that later.

  The other characters (usually 11 of them) of the string in the
/etc/passwd file are the encrypted password.

  Now, let's say that someone wants to break into your account, and
since they don't know the various security holes that could allow them
to become the super-user on any Unix machine :-), they want to do so by
finding out what your password is.  They have the following tools to help them:

  1. A dictionary of commonly used passwords.
  2. A very fast machine to work on at their leisure (not a mandatory thing,
     but good to have.
  3. A program to use to break your password.

What the program does it take each word in the password dictionary and
encrypt it using the seed in the /etc/passwd file.  Then, it checks if
the encrypted string which is returned is the same as your encrypted
password string, and if it is, it has found your password!

  Now, a few notes about this method of attack.  First of all, the
crypt() library routine is specifically designed to be slow, even on a
fast machine.  There are MUCH faster crypt() routines available, and the
attacker may be using one of those routines instead of the default Unix
version.

  Second, the seed plays an important role in making an attack on the
/etc/passwd file more difficult.  If the crypt() routine did not use
seeds, then the attacker would have a much easier time of it -- all he
would have to do is encrypt the entire dictionary once, and then store
the resulting database of passwords and associated encrypted strings in
a file somewhere.  Then, he could compare each encrypted string to each
encrypted string in the /etc/passwd file and thus find out a lot of
passwords.  The seed mechanism thwarts this by giving users different
seeds (there are 4096 different possible seeds, although in practice it
is not normal for even close to that many different seeds to actually
get used -- another problem), so that each possible password must be
encrypted in each user's seed in order to check if it is the correct password.

  So, this brings us to the question, "What is the advantage of an
/etc/shadow file?"  If the encrypted password strings are removed from
the /etc/passwd file and placed in /etc/shadow instead, then an attacker
can't use the mechanisms described above in order to figure out
someone's password, since he doesn't have the encrypted password strings
to work with.

Jonathan Kamens			              USnail:
MIT Project Athena				11 Ashford Terrace
jik at Athena.MIT.EDU				Allston, MA  02134
Office: 617-253-4261			      Home: 617-782-0710

More information about the Comp.unix.questions mailing list