Understanding Passwords ● Jonathan Schipp ● Dubois County Linux User Group ● Nov 7th 2010 ● jonschipp (at) gmail.com
Covering ● Hash Theory ● How passwords are stored ● Salting ● /etc/passwd ● /etc/shadow ● Admin tools ● Password Attacks
How are passwords stored? ● We use hashes to store passwords. ● A hash, also called a digest, is a one-way mathematical function (irreversible). ● You don't want to store passwords in clear-text form. This would enable anyone who can get access to the password database to view them all.
Hashing ● We use hashing algorithms to generate hashes. A few popular algorithms used for hashing are: ● DES (Data Encryption Standard - not technically a hash algorithm, though) ● MD5 (Message Digest 5) ● SHA (Secure Hash Algorithm)
Hashing cont. ● Once a password is chosen, when a user account is created, the system generates a hash for that password by using one of the hashing algorithms. This newly generated hash is stored in a password database. ● Good hashing algorithms generate a fixed amount of output for an unfixed amount of input.
Hashing cont. ● The password “mypass” should hash to the same number of characters as a book's worth of words. ● “mypass” when run through a hashing algorithm should look something like this: ● 5yfRRkrhJDbomacm2lsvEdg4GyY=
Irreversible ● It is not possible to determine the clear-text message (password) by running the algorithm in reverse. ● A single different bit will generate an entirely different looking hash. ● A character is represented as 8 bits.
Authentication ● When users log into a system, the password they give is hashed by the program that handles the login. ● The hash generated is then compared to the hash in the password database. ● If the hash matches, you are authenticated. ● If not, wrong password.
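The fixed-length and single-bit claims above can be measured directly. This is an added example, not part of the original slides; it assumes SHA-256 from Python's hashlib as the hashing algorithm, and the long input is constructed.

```python
import hashlib


def digest_bits(data):
    """SHA-256 digest of data as one 256-bit integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def flip_bit(data, index):
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def avalanche(message):
    """Flip each input bit in turn; return (min, mean, max) changed output bits."""
    base = digest_bits(message)
    changed = [
        bin(base ^ digest_bits(flip_bit(message, i))).count("1")
        for i in range(len(message) * 8)
    ]
    return min(changed), sum(changed) / len(changed), max(changed)


def digest_lengths(inputs):
    """Set of hex-digest lengths produced for inputs of any size."""
    return {len(hashlib.sha256(m).hexdigest()) for m in inputs}


if __name__ == "__main__":
    book = b"a book worth of words " * 50_000  # constructed ~1 MB input
    print("digest lengths:", digest_lengths([b"mypass", book]))
    lo, mean, hi = avalanche(b"mypass")
    print(f"output bits changed per flipped input bit: "
          f"min={lo} mean={mean:.1f} max={hi} of 256")
```

Each single-bit change to the input flips roughly half of the 256 output bits, which is why two nearly identical passwords produce hashes with no visible relationship.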
Windows ● In Windows the password database is a file called SAM (Security Accounts Manager) ● Hashes of the account passwords are stored in this file ● This file is typically located at: ● %WINDOWS%/System32/config/ ● Windows uses LM and NTLM hashes, LM being terribly insecure and NTLM being close to it. ● Windows OSes do not salt their hashes
Linux ● Linux stores its password hashes in ● /etc/shadow ● In the older Unix days, passwords were stored in /etc/passwd, which was readable by everyone because programs had to look up account information. Later, the hashes were extracted from /etc/passwd and put in /etc/shadow. /etc/shadow is only readable by root (the super user). /etc/passwd retains the user information for the programs that need it. ● /etc/passwd was used to map user ID numbers into names, and user names into full names
Hashing Algs. ● Traditionally Unix systems used DES to create the hashes for the system. ● The crypt() function call (libc) was used. ● man 3 crypt ● crypt($pass, $salt)
Moving along ● We found faster and more secure algorithms e.g. MD5 and SHA ● These are being used now. ● MD5 uses a 128-bit hash ● SHA (0-3) can go from 160 bits to 512 bits. ● The more bits the stronger the hash.
Hash Collisions ● A hash collision is when two hashed inputs result in the same hash. This is a huge problem ● mypass = 5yfRRkrhJDbomacm2lsvEdg4GyY= ● secret = 5yfRRkrhJDbomacm2lsvEdg4GyY= ● A good hashing algorithm will not produce hashing collisions. ● Collisions are dangerous, especially from a password cracking standpoint. ● DES had many collisions (among other things), which is one reason it ceases to be in use for hashing(?).
Hashing: other uses? ● Hashing is also used to verify the integrity of data (password, document, mp3, etc). ● It does this by comparing the produced (fixed) output of a file to a hash given by the file's author. ● For example, when an author releases a program, he will also usually release a hash of the program. This is usually displayed on a download page for the program. ● You download the program, generate a hash for the program, and compare the hash of the download vs. the one the author put on the website.
Integrity ● If they match it means the program hasn't been tampered with. It is the exact copy the author used when he generated the hash. ● This is used when dealing with operating systems and security products. ● You don't want to grab a copy of a program that has been corrupted with a backdoor. ● Hashing is also used heavily in other forms of cryptography. ● For example, Asymmetric Cryptography uses hashes to create digital signatures ● IPSEC uses hashing to verify bits in the IPSEC packet.
Would you like a little salt on your hashes? ● Salting consists of random bits that are used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. ● Salt data complicates dictionary attacks that use pre-encryption of dictionary entries: each bit of a salt used doubles the amount of storage and computation required. ● For best security, the salt value is kept secret. To determine a password from a stolen hash, an attacker cannot simply try common passwords (such as English language words or names). Rather, they must calculate the hashes of random characters (at least for the portion of the input they know is the salt), which is much slower. ● Early Unix systems used a 12-bit salt, but modern implementations use larger values.
Salting your hashes cont. ● The benefit provided by using a salted password is that a simple dictionary attack against the encrypted values becomes impractical if the salt is large enough. That is, an attacker would not be able to create a rainbow table, a dictionary of hashed values (password + salt), because it would either take too much time, or too much space. This would force the attacker to use the provided authentication mechanism (which "knows" the correct salt value). ● pass = mypassword, salt = ja3gdgj&# ● crypt($1, $pass, $salt) ● $1 == md5, hash(pass + salt) = salted hash ● More info: ● understanding-password-salt
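The login flow from the Authentication slide and the salting slides above fit together as follows. This is an added example, not code from the original slides: PBKDF2-HMAC-SHA256 from hashlib stands in for the key derivation function, and the iteration count, user names and word list are constructed for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this demo


def derive(password, salt):
    """Key derivation over password and salt (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_account(db, user, password, salted=True):
    """Store (salt, hash) for the user, never the clear-text password."""
    salt = os.urandom(16) if salted else b""
    db[user] = (salt, derive(password, salt))


def authenticate(db, user, password):
    """Re-derive with the stored salt and compare in constant time."""
    if user not in db:
        return False
    salt, stored = db[user]
    return hmac.compare_digest(stored, derive(password, salt))


def precomputed_table(words):
    """Hashes computed ahead of time, without knowledge of any salt."""
    return {derive(word, b""): word for word in words}


def exposed_by_table(db, table):
    """Users whose stored hash appears in a precomputed table."""
    return sorted(user for user, (_, h) in db.items() if h in table)


if __name__ == "__main__":
    # Constructed sample data: three users who all chose the same password.
    common = ["password", "letmein", "mypassword", "qwerty"]
    db = {}
    create_account(db, "alice", "mypassword", salted=False)
    create_account(db, "bob", "mypassword")
    create_account(db, "carol", "mypassword")
    print("found in table:", exposed_by_table(db, precomputed_table(common)))
    print("bob and carol share a hash:", db["bob"][1] == db["carol"][1])
    print("bob logs in:", authenticate(db, "bob", "mypassword"))
```

Only the unsalted account shows up in the precomputed table; the two salted accounts store different hashes for the same password, yet both still authenticate because the login code reads the salt back from the database.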
/etc/passwd ● The /etc/passwd file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total, as follows. ● To view: cat /etc/passwd ● Permissions: owned by root | -rw-r--r--
Demo (Live) ● Show /etc/passwd
/etc/passwd dissected ● Username: Used when the user logs in. It should be between 1 and 32 characters in length. ● Password: An x character indicates that the encrypted password is stored in the /etc/shadow file. ● User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UIDs are reserved by the system for administrative and system accounts/groups.
Further /etc/passwd dissection ● Group ID (GID): The primary group ID (stored in the /etc/group file) ● User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number etc. This field is used by the finger command. ● Home directory: The absolute path to the directory the user will be in when they log in. ● Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.
Now for the interesting: /etc/shadow ● Hashes are stored in /etc/shadow ● Again, fields are delimited by a colon (:) ● Hashing algorithm ● Password policy info is stored here.
Demo (live) ● Show /etc/shadow
/etc/shadow dissection ● User name: The login name ● Password: Your encrypted (hashed) password. A blank entry (e.g. ::) indicates a password is not required to log in and a * entry (e.g. :*:) indicates the account has been disabled. ● Last password change: Days since Jan 1, 1970 that the password was last changed ● Minimum: The minimum number of days required between password changes, i.e. the number of days left before the user is allowed to change his/her password
Further /etc/shadow dissection ● Maximum: The maximum number of days the password is valid (after that the user is forced to change his/her password) ● Warn: The number of days before the password expires that the user is warned that his/her password must be changed ● Inactive: The number of days after the password expires that the account is disabled ● Expire: Days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used
Pass field scrutiny ● test:$1$3PZX1Eun$p1jSgKeqSU5Vb3dJyk7WN/:14964:0:99999:7::: ● The $'s are the delimiters in the password field ● The value between the first two $'s is an integer that represents the hashing algorithm (id): $1$ stands for MD5, $2a$ for blowfish, $5$ for SHA-256, $6$ for SHA-512. If the id is absent, DES is used. ● The next string of characters, located after the second $ and before the last $, is the salt value. The salt can be up to 16 characters depending on the algorithm. DES uses a two character salt. ● The last set of characters is the password hash. ● In other words the crypt function is: crypt($id, $salt, $pass) ● man 3 crypt
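The field layout from the /etc/shadow slides can be turned into a small parser, which is handy when auditing a copy of the file. This is an added example, not part of the original slides; the function names are hypothetical, and the handling of "!" entries and of the bcrypt layout goes beyond what the slides list.

```python
from datetime import date, timedelta

# Algorithm ids as listed on the slide above.
ALGORITHMS = {"1": "MD5", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512"}
AGING_FIELDS = ("last_change", "minimum", "maximum", "warn", "inactive", "expire")
DAY_FIELDS = ("last_change", "expire")  # stored as days since Jan 1, 1970


def parse_password_field(field):
    """Split the password field into status, algorithm, salt and hash."""
    if field == "":
        return {"status": "no password required"}
    if field[0] in "*!":  # "!" (locked) is common on Linux, not on the slide
        return {"status": "disabled"}
    if not field.startswith("$"):  # no id: DES with a two-character salt
        return {"status": "hashed", "algorithm": "DES",
                "salt": field[:2], "hash": field[2:]}
    parts = field.split("$")[1:]  # drop the empty string before the first $
    if len(parts) < 3:
        raise ValueError("malformed password field")
    algo_id, salt, digest = parts[0], parts[-2], parts[-1]
    if algo_id.startswith("2"):  # bcrypt: $id$cost$ + 22-char salt + hash
        salt, digest = digest[:22], digest[22:]
    return {"status": "hashed", "algorithm": ALGORITHMS.get(algo_id, "unknown"),
            "salt": salt, "hash": digest}


def parse_shadow_line(line):
    """Parse one /etc/shadow entry; the ninth field is reserved and ignored."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    entry = {"user": fields[0], "password": parse_password_field(fields[1])}
    for name, raw in zip(AGING_FIELDS, fields[2:8]):
        value = int(raw) if raw else None  # empty field: not set
        if value is not None and name in DAY_FIELDS:
            value = date(1970, 1, 1) + timedelta(days=value)
        entry[name] = value
    return entry


if __name__ == "__main__":
    # First line is the slide's entry; the other two are constructed samples.
    for line in ("test:$1$3PZX1Eun$p1jSgKeqSU5Vb3dJyk7WN/:14964:0:99999:7:::",
                 "guest::14964:0:99999:7:::",
                 "daemon:*:14964:0:99999:7:::"):
        print(parse_shadow_line(line))
```

Entries reported as "no password required", or hashed with DES, are the ones to review first.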
BSD's ● In BSD systems, the password database is /etc/master.passwd
Some Tools ● md5sum, shasum ● crypt() function ● useradd, usermod, userdel ● adduser - easy way, interactive ● passwd - change user password e.g. passwd ● vipw - edit /etc/passwd ● vipw -s - edit /etc/shadow ● vigr - edit /etc/group ● Manual file edits work as well, but are not advised: use vipw, vipw -s for shadow
Attacks ● Two Types: ● Offline Attacks - You have the hash(es) e.g. cracking at home ● Online Attacks - You don't have the hash(es) e.g. password guessing over a network ● Different Techniques: ● Dictionary ● Bruteforce ● Rainbow Tables
Dictionary Attacks ● A dictionary is a text file with a bunch of words and/or characters. ● Another term synonymous with dictionary is wordlist. They are used interchangeably and refer to the same thing. ● The words chosen are usually common passwords. ● Once you have a hash, you run a dictionary against the hash by using a program that will generate a hash for each word in the dictionary, and compare the dictionary hashes against the password hash you have. ● If you find a match, chances are it is the password, or much less likely, possibly a collision if a poor algorithm is used. Though, either way, you'll get in because the hashes match.
Bruteforce attacks ● This is similar to the dictionary attacks except that instead of having a list, the program (the bruteforcer) generates every possible combination and hashes them. It could start with a-z, then to A-Z, then to 0-9, for each character position. ● This is by far the slowest technique ● When passwords get longer in size, the brute force possibilities get exponentially bigger with each new bit. A 4 character password would take less than 10 minutes, while a 16 character password can take years and years, even with high-end hardware. ● GPU brute forcing can help speed up the process, but when passwords get too large, it still won't make a difference. ● A good rule of thumb: Don't use passwords shorter than 12 characters for important accounts.
Rainbow Tables ● A rainbow table is a file that contains pre-computed hashes. ● This concept stems from dictionaries, where you have the words and the program generates the hashes from the words and compares them. ● The problem with this is that your processor not only has to generate the hashes but also compare them. ● A solution to cut the workload in half is rainbow tables. Someone already generated a bunch of hashes from a dictionary. You grab the precomputed hashes. Now all your processor has to do is compare. ● A major disadvantage of rainbow tables is that tables become rather large when you get into long passwords. Good tables can be anywhere from 500 GB - 2 TB.
Demo (live) ● Let's crack some hashes!
Tools ● Offline Tools: ● John the Ripper ● HashCat & OCL Hashcat - hashcat.net/ ● Cain & Abel ● Rainbow Crack ● OphCrack - ophcrack.sourceforge.net/ ● Online Tools: ● THC-Hydra ● Medusa ● Ncrack - nmap.org/ncrack/ ● Brutus
Resources/Wordlists ● password-lists