Re: Brute force against /etc/passwd?

Jeff Simmons (jsimmons@goblin.punk.net)
Tue, 17 Jun 1997 22:23:47 -0700 (PDT)


>
> Another thing, on an unrelated note:
>
> How feasible now is a brute force attack against an individual Unix password
> encrypted with the standard Unix password hash function?
>
> In other words, how much longer does a crypt(3) take than a single encryption
> the DESCHALL client is doing now? My (Linux) man pages indicate that crypt(3)
> is a 56-bit DES hash, which would suggest to me that if 56-bit DES is broken,
> Unix password security is broken, too, and it's time for Unix in general to
> move to a much longer or slower hash.

Crypt(), which is sometimes known as crypt(3) to distinguish it from the
highly inferior crypt program, takes the user's password as an encryption
key, and uses a DES variant to encrypt a block of 64 0s twenty-five times.
The result is stored in /etc/passwd. There is a slight variant in the
standard DES tables to make the use of special DES hardware chips more
difficult.

Since a full-fledged brute force attack on a UNIX system is almost
impossible (imagine trying 2**56 different passwords at a login: prompt
without making someone suspicious) the most serious form of real world
attack is a dictionary attack. If you can get a copy of /etc/passwd (not
difficult since it has to be world readable), you start running crypt()
on a list of likely passwords until you find a match. So crypt() adds a
twelve-bit number, called a 'salt', to the original password before
encryption. The result is there are 4096 different ways that any given
password can appear in the /etc/passwd file. So to create a 'dictionary'
for the password 'Mary', 4096 values must be stored in the dictionary.
Obviously, shadow passwords make obtaining a copy of /etc/passwd useless,
and /etc/shadow is NOT world readable.

So crypt() is purposefully designed to make a key search computationally
expensive, even more so than standard DES.

Of course, the weak link is password selection and hygiene. If you REALLY
want Alice's password, copy it off the post-it note on her monitor. };->

-- 
Jeff Simmons					jsimmons@goblin.punk.net

Hey, man, got any spare CPU cycles? Help crack DES. http://www.frii.com/~rcv/deschall.html
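The post makes two defensive points worth checking on a real system: traditional crypt(3) output is a 13-character string whose first two characters encode the 12-bit salt (4096 values, 56-bit DES key underneath), and any real hash left in a world-readable /etc/passwd is exposed to exactly the dictionary attack described, whereas shadowed entries show only `x`. The following audit script is an added example, not part of Jeff Simmons's message or the DESCHALL project; it parses passwd-format lines, decodes the DES salt, recognises the well-known `$id$` modular-crypt prefixes, and flags legacy or exposed hashes. The sample lines, the user names and the hash strings in them are constructed for the demonstration.

```python
"""Audit passwd/shadow-format lines for the weaknesses discussed in the post:
traditional DES crypt(3) hashes (56-bit key, 12-bit salt) and hashes stored in a
world-readable passwd file instead of /etc/shadow. Added example; all sample data is constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The 64-symbol crypt(3) output alphabet. Each symbol carries 6 bits, so the two
# leading characters of a traditional hash encode the 12-bit salt (2**12 == 4096).
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Well-known modular-crypt identifiers ($id$salt$hash). Anything else is reported as unknown.
MODULAR_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt",
               "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}


@dataclass
class Finding:
    user: str
    scheme: str                 # "des", "sha512crypt", "shadowed", "locked", "empty", ...
    salt_value: Optional[int]   # decoded 12-bit salt for DES hashes, None otherwise
    issues: List[str]


def decode_des_salt(salt: str) -> int:
    """Return the integer value (0..4095) of a two-character traditional crypt salt."""
    if len(salt) != 2 or any(c not in CRYPT_ALPHABET for c in salt):
        raise ValueError(f"not a traditional crypt salt: {salt!r}")
    return (CRYPT_ALPHABET.index(salt[0]) << 6) | CRYPT_ALPHABET.index(salt[1])


def classify_hash(field: str) -> Tuple[str, Optional[int], List[str]]:
    """Map one password field to (scheme, des_salt_value, issues)."""
    if field == "":
        return "empty", None, ["empty password field: login possible without a password"]
    if field == "x":
        return "shadowed", None, []          # the real hash lives in /etc/shadow
    if field.startswith(("!", "*")):
        return "locked", None, []            # no password can ever match these markers
    if field.startswith("$"):
        parts = field.split("$")             # ['', id, (rounds=N,) salt, hash]
        return MODULAR_IDS.get(parts[1], "unknown-modular"), None, []
    if len(field) == 13 and all(c in CRYPT_ALPHABET for c in field):
        salt = decode_des_salt(field[:2])
        return "des", salt, [
            "traditional DES crypt: 56-bit key, password truncated to 8 characters",
            f"12-bit salt (value {salt}) gives only 4096 variants per password",
        ]
    return "unknown", None, [f"unrecognised hash format starting {field[:4]!r}"]


def audit_lines(lines: List[str], in_shadow: bool) -> List[Finding]:
    """Audit passwd-format lines. in_shadow=False means the source is the world-readable passwd."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1]
        scheme, salt, issues = classify_hash(pw)
        if not in_shadow and scheme not in ("shadowed", "locked", "empty"):
            issues.append("hash stored in world-readable passwd: move it to /etc/shadow")
        findings.append(Finding(user, scheme, salt, issues))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render findings as one line per user, issues indented beneath."""
    out = []
    for f in findings:
        out.append(f"{f.user:<8} {f.scheme}")
        out.extend(f"         - {issue}" for issue in f.issues)
    return "\n".join(out)


# Constructed sample passwd lines (not from any real system).
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/sh",                           # properly shadowed
    "mary:abJnggxhB/yWI:1001:1001:Mary:/home/mary:/bin/sh",    # 13-char DES-style hash, salt 'ab'
    "bob:$6$saltsalt$" + "h" * 86 + ":1002:1002:Bob:/home/bob:/bin/sh",  # sha512crypt-shaped
    "guest::1003:1003::/home/guest:/bin/sh",                   # empty password field
    "daemon:*:1:1::/usr/sbin:/usr/sbin/nologin",               # locked account
]

if __name__ == "__main__":
    print(format_report(audit_lines(SAMPLE_PASSWD, in_shadow=False)))
```

Run against a real file with `audit_lines(open("/etc/passwd").read().splitlines(), in_shadow=False)` and again with the shadow file and `in_shadow=True`; on a correctly configured system the passwd pass should report only `shadowed` and `locked` entries, and the shadow pass should contain no `des` scheme at all.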