[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Isn't it a security hole...

> >        Actually, cracking a unix passwd file is quite easy, even for those
> >with minimal computer knowledge.  With widely available programs like Crack
> >(UNIX), Crakerjack (DOS), and root_crack(DOS) anybody with a CPU >386 can
> >crack the DES encryption with a bit of time.
> 
> My understanding of this situation (and please correct me if I'm wrong) is
> that the crypt() routine used by passwd is a truly one-way hashing algorithm,
> i.e. there simply is no way to go from an encrypted password back to the
> original.

Correct.

> Actually, I seem to remember reading that the crypt routine uses
> the password in combination with a "random" (based on time of day) string of
> bits (called the "salt", can't remember the length, I think it was 12 bits,
> giving 4096 possible encryptions of any given string), and that it uses this
> new salt+password as its key in encrypting a string of 0's. Given this, the
> only way to crack the passwords is to compile a dictionary of possible
> passwords, by taking all the likely strings to be used as passwords and
> encrypting each one 4096 times, once for each salt.

Because the same salt must be used on verification as on generation, the
salt is stored as the first two characters of the 13 character encrypted
password is thus easily obtained.  Without this, there would be no way
to verify a password other than trying it 4096 different ways.

> Once you have this
> dictionary made, it can be distributed to anyone to use as the foundation of
> their crack attack, but if you wish to hack someone personally, i.e. by
> checking their first name, etc., you'll have to add these to the dictionary
> (unless common names are also part of the original dictionary).

The "Crack" program automatically adds such words (obtained from user-info
and any readable files from the user's directory).

> And it should
> be plain how anyone with reasonable password-selection skills can be pretty
> much immune to this attack, e.g. by using non-word strings, by having
> punctuation, by varying the case of your characters, etc.  If the max passwd
> length is 8 bytes, then at a quick estimate it seems that there are
> 256^8 * 4096 different possible passwords...?

Right, but most people don't do this.  It's usually a word or some simple
permutation of a word.  Crack tries the with different cases, backwards, 
"1" instead of "i", "0" instead of "o", etc.

If a password were a random sequence of characters, they would be nearly
unbreakable, but then people would have to write them down somewhere and
that is an even bigger security risk in many ways.

                                        Brian
                               ( bcwhite@verisim.com )

-------------------------------------------------------------------------------
    In theory, theory and practice are the same.  In practice, they're not.
Reply to: