passwds and crypt(3)...

Dan Mercer mercer at ncrcce.StPaul.NCR.COM
Thu Jan 4 09:45:36 AEST 1990 

In article <1990Jan2.222052.915 at athena.mit.edu> jik at athena.mit.edu (Jonathan I. Kamens) writes:
:In article <21913 at adm.BRL.MIL>, mwood!attcc!hpn at att.att.com writes:
:> I don't understand the meaning behind use the /etc/shadow file.  All it does
:> is holds the encrypted passwords, right? (like, AkhjfuDe2,md )
:> What's the use?
:
:  I noticed that someone else gave a brief explanation of why publicly
:readable encrypted passwords can be a bad thing, but it wasn't very
:thorough, so I want to give a more detailed explanation.  This is
:comp.unix.questions, and not comp.unix.wizards, after all.
:
:  The password entries in the /etc/passwd file actually consist of two
:pieces of information.  The first two characters are the "seed", which
:are fed to the crypt() library function (see the man page for it for
:more information) along with your plain-text password when the password
:is encrypte.  The seed is used by the crypt() function to perturb the
:encryption algorithm in a way that will make different seeds produce
:different encrypted password string.  More on the purpose of that later.
:
:  The other characters (usually 11 of them) of the string in the
:/etc/passwd file are the encrypted password.
:
:  Now, let's say that someone wants to break into your account, and
:since they don't know the various security holes that could allow them
:to become the super-user on any Unix machine :-), they want to do so by
:finding out what your password is.  They have the following tools to help them:
:
:  1. A dictionary of commonly used passwords.
:  2. A very fast machine to work on at their leisure (not a mandatory thing,
:     but good to have.
:  3. A program to use to break your password.
:
:What the program does it take each word in the password dictionary and
:encrypt it using the seed in the /etc/passwd file.  Then, it checks if
:the encrypted string which is returned is the same as your encrypted
:password string, and if it is, it has found your password!
:
:  Now, a few notes about this method of attack.  First of all, the
:crypt() library routine is specifically designed to be slow, even on a
:fast machine.  There are MUCH faster crypt() routines available, and the
:attacker may be using one of those routines instead of the default Unix
:version.
:
:  Second, the seed plays an important role in making an attack on the
:/etc/passwd file more difficult.  If the crypt() routine did not use
:seeds, then the attacker would have a much easier time of it -- all he
:would have to do is encrypt the entire dictionary once, and then store
:the resulting database of passwords and associated encrypted strings in
:a file somewhere.  Then, he could compare each encrypted string to each
:encrypted string in the /etc/passwd file and thus find out a lot of
:passwords.  The seed mechanism thwarts this by giving users different
:seeds (there are 4096 different possible seeds, although in practice it
:is not normal for even close to that many different seeds to actually
:get used -- another problem), so that each possible password must be
:encrypted in each user's seed in order to check if it is the correct password.
:
:  So, this brings us to the question, "What is the advantage of an
:/etc/shadow file?"  If the encrypted password strings are removed from
:the /etc/passwd file and placed in /etc/shadow instead, then an attacker
:can't use the mechanisms described above in order to figure out
:someone's password, since he doesn't have the encrypted password strings
:to work with.
:
:Jonathan Kamens			              USnail:
:MIT Project Athena				11 Ashford Terrace
:jik at Athena.MIT.EDU				Allston, MA  02134
:Office: 617-253-4261			      Home: 617-782-0710

Check out Cliff Stoll's great book the _Cuckoo's Egg_ in which he
describes how he unearthed a West German spy ring preying on
the ARPANET.  One of the first thing the intruder did was to
steal /etc/passwd.  He seemed to have no trouble at all cracking
passwords using the methods you described.  Of course,  simply
choosing intelligent passwords would have prevented this -
no words appearing in dictionaries - no proper names - interspersing
alphabeticals with numerics or control characters.

Of course,  a lot of the breakins came from no passwords assigned at
all.

Anyway,  great book.  Must read for anyone in this business.  Hell,
great book for anyone period.



-- 

Dan Mercer
Reply-To: mercer at ncrcce.StPaul.NCR.COM (Dan Mercer)

More information about the Comp.unix.questions mailing list