Password

On a Unix system without the Shadow Suite, user information including passwords is stored in the /etc/passwd file. Each line in /etc/passwd is a colon-separated record. The fields are:
– Username
– Encrypted password
– User ID
– Group ID
– Comment (often the user's full name)
– Home directory
– Default shell

Example: Jdoe:2bT1cMw8zeSdw:500:500:John Doe:/home/jdoe:/bin/bash

The password is stored in an encoded format produced by a one-way hash function:
– Computation is easy in the encoding direction.
– It is time consuming to calculate in the reverse direction.

Unix crypt() function
– Takes the first 8 characters of the password.
– Concatenates the low 7 bits of each of these 8 characters into a 56-bit key.
– Using this key, a sequence of 64 zero bits is encrypted into a 64-bit code. DES is applied 25 times with a modified permutation; the permutation is encoded in two characters called the salt.
– The code is split into 11 six-bit numbers.
– Each six-bit number is stored as a character q[i] from the set {., /, 0-9, A-Z, a-z}.
– The salt value is prepended, resulting in a sequence of 13 characters.
– Example: Salt = ‘A1’, Password = ‘MyPass’, Encrypted password = ‘A1qLr2pFD.Ddw’
– If two users have the same password, the chance of them having the same salt is 1/4096, so the encrypted passwords will probably be different.
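As an added example (not code from the original slides), the encoding steps around the classic crypt() described above, in Python: the 7-bit key packing that makes any character after the 8th irrelevant, the decoding of the two salt characters into the permutation swaps they select, and the 6-bit output alphabet. DES itself is not implemented here, and the function names are this example's own.

```python
# Added example: the key, salt and output encoding of classic Unix crypt().
# The alphabet below is the 64-character set the slides list: . / 0-9 A-Z a-z.
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def key_bits(password):
    """Low 7 bits of each of the first 8 characters, 56 bits in total.
    Anything after the 8th character is silently discarded."""
    bits = []
    for ch in password[:8]:
        c = ord(ch) & 0x7F
        bits.extend((c >> (6 - j)) & 1 for j in range(7))
    return bits + [0] * (56 - len(bits))   # short passwords are zero-padded

def salt_swaps(salt):
    """Decode the two salt characters into the E-box swaps they select:
    bit j of salt[i] swaps expansion positions 6*i+j and 6*i+j+24 (12 bits, 4096 salts)."""
    swaps = []
    for i, ch in enumerate(salt[:2]):
        value = ALPHABET.index(ch)
        for j in range(6):
            if (value >> j) & 1:
                swaps.append((6 * i + j, 6 * i + j + 24))
    return swaps

def encode_block(bits64):
    """Pack the 64-bit DES output into 11 characters, 6 bits each, most
    significant bit first; the last character carries 4 bits plus 2 zero bits."""
    padded = list(bits64) + [0, 0]
    chars = []
    for i in range(11):
        value = 0
        for b in padded[6 * i:6 * i + 6]:
            value = (value << 1) | b
        chars.append(ALPHABET[value])
    return "".join(chars)

def split_hash(encrypted):
    """A 13-character crypt() string is 2 salt characters + 11 encoded characters."""
    if len(encrypted) != 13 or any(c not in ALPHABET for c in encrypted):
        raise ValueError("not a classic DES crypt() string")
    return encrypted[:2], encrypted[2:]
```

The key_bits comparison of two passwords that differ only after the 8th character is the practical reason the slides cap DES passwords at 8 characters.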

Password Cracking
– It is computationally difficult to take a randomly encoded password and recover the original password.
– The key space consists of 2^56 possible values.
– Most password cracking strategies involve selecting common words from a dictionary (dictionary attack) or common patterns (e.g. testing123).
– On any system with more than just a few users, at least some of the passwords will be common words (or simple variations of common words).

Password cracking steps
– System crackers simply encrypt a dictionary of words and common passwords using your salt value.
– They compare the results with the encoded passwords in your /etc/passwd file.
– Some crackers even build a database for a dictionary using all 4096 salt values.
– A dictionary of, say, 400,000 common words, names, passwords, and simple variations would easily fit into 4GB of hard drive space, which costs less than HK$150.

Prevention

Creating effective passwords
– Avoid bad passwords:
  – A simple combination of a name, word and/or number, e.g. Joe, Fido2000, Testing123
  – Your name and birthday
  – A family member's name and birthday
  – Pet's name
  – Phone number
  – A character from a popular film
  – A non-English word (non-English words are also part of dictionary attacks)
  – Any of the above backwards
– Good password:
  – Use at least one character from each of these character classes: a-z, A-Z, punctuation such as ! ( * $, and 0-9.
  – If DES passwords are used, choose 6-8 characters.
  – If MD5 is used, choose any number of characters (more than 15 is very good).

A simple way to create effective passwords
– Think of a phrase that is relatively obscure, but easy to remember.
– It can be a line from a song, book or movie.
– Create an acronym from it, including capitalized words and punctuation.
– E.g. "Wake up! Time to die." becomes Wu!T2d

Password Shadowing
– Hide the encrypted passwords from view.
– /etc/passwd still exists, but it no longer contains encrypted passwords; an ‘x’ is put in the field.
– Another file called /etc/shadow is created. It contains the encrypted passwords and is readable only by root.
– Password shadowing is now considered essential for password security.

Format of the shadow file: username:passwd:last:may:must:warn:expire:disable:reserved
– username: the user name
– passwd: the encoded password
– last: days since Jan 1, 1970 that the password was last changed
– may: days before the password may be changed
– must: days after which the password must be changed
– warn: days before the password is to expire that the user is warned
– expire: days after the password expires that the account is disabled
– disable: days since Jan 1, 1970 that the account is disabled
– reserved: a reserved field
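An added example (not from the original slides) that parses constructed /etc/passwd and /etc/shadow records in the formats shown above and flags the conditions a defender would check: a hash still visible in /etc/passwd, an empty password field, a legacy 13-character DES hash, and an expired password computed from the last and must fields. The sample records, hash values and function names are all invented for this example.

```python
# Added example (not part of the original slides): audit constructed /etc/passwd
# and /etc/shadow records for the weak states the slides describe: a hash readable
# in /etc/passwd, an empty password, a legacy 13-char DES hash, an expired password.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
jdoe:2bT1cMw8zeSdw:500:500:John Doe:/home/jdoe:/bin/bash
asmith:x:501:501:Alice Smith:/home/asmith:/bin/bash
guest::502:502:Guest:/home/guest:/bin/sh
"""
SHADOW_SAMPLE = """\
root:$1$XyZsaltx$0123456789abcdefghijkl:19000:0:99999:7:::
asmith:A1qLr2pFD.Ddw:18500:0:90:7:30::
"""
SHADOW_FIELDS = ["passwd", "last", "may", "must", "warn", "expire", "disable", "reserved"]

def parse_records(text):
    """Map the first field (username) of each colon-separated line to the rest."""
    records = {}
    for line in text.splitlines():
        if line.strip():
            name, *rest = line.split(":")
            records[name] = rest
    return records

def classify(field):
    """Rough hash classification: 13 alphabet chars and no '$' means classic DES."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"
    return "des" if len(field) == 13 and "$" not in field else "other"

def audit(passwd_text, shadow_text, today):
    """Return (user, finding) pairs; today is days since Jan 1, 1970."""
    findings, shadow = [], {n: dict(zip(SHADOW_FIELDS, f)) for n, f in parse_records(shadow_text).items()}
    for name, fields in parse_records(passwd_text).items():
        kind = classify(fields[0])                  # the passwd field of /etc/passwd
        if kind == "empty":
            findings.append((name, "empty password"))
        elif kind != "shadowed":
            findings.append((name, kind + " hash readable in /etc/passwd"))
        elif name not in shadow:
            findings.append((name, "no /etc/shadow entry"))
        else:
            entry = shadow[name]
            if classify(entry["passwd"]) == "des":
                findings.append((name, "legacy DES hash (8-char limit)"))
            if entry["last"] and entry["must"] and today > int(entry["last"]) + int(entry["must"]):
                findings.append((name, "password expired"))
    return findings
```

Running audit(PASSWD_SAMPLE, SHADOW_SAMPLE, 19000) reports jdoe's hash exposed in /etc/passwd, asmith's DES hash and expired password, and guest's empty password, while the shadowed root entry passes.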