Lecture 5. UNIX Passwords and Password Crackers

UNIX Password

1. Password File

On the UNIX platform, all user login IDs and passwords are stored in a central location -- /etc/passwd. The format of this file contains various fields:

account:coded password data:uid:gid:GCOS-field:homedir:shell
<sample portion of /etc/passwd>
kimoh:lEqsEB4g0QrNM:165:102:Kyong-ock Kim:/user3/grad/kimoh:/bin/csh
hjmoon:jh0eFHV54ZAco:161:102:Moon Hyun Jeong:/user3/grad/hjmoon:/bin/csh
juliets:jg3Q2qjlYfx9U:167:102:Juliets:/user3/grad/juliets:/bin/csh
ijbyun:ayKWDaPpMLq32:169:102:Byun Im Joo:/user3/grad/ijbyun:/bin/csh
ghimsj:PyIN/caDgwiHw:171:102:Ghim Soo Joong:/user3/grad/ghimsj:/bin/csh

To find more details about /etc/passwd, type "man -s 4 passwd" in cs machine.
The /etc/passwd file is open to general public, which is often exploited by crackers. Many systems adopt the shadowfile: all coded password data is replaced with a `*' or 'x' in /etc/passwd, and a second file /etc/shadow (the shadowfile) is used to store the password data. This file can only be read with sufficient privileges so that normal users cannot get the crypted passwords. Its format is:
username:password:lastchg:min:max:warn:inactive:expire:flag
To find more details about /etc/shadow, type "man shadow" in cs machine.
<sample portion of /etc/passwd and /etc/shadow>
kimoh:x:165:102:Kyong-ock Kim:/user3/grad/kimoh:/bin/csh hjmoon:x:161:102:Moon Hyun Jeong:/user3/grad/hjmoon:/bin/csh juliets:x:167:102:Juliets:/user3/grad/juliets:/bin/csh ijbyun:x:169:102:Byun Im Joo:/user3/grad/ijbyun:/bin/csh ghimsj:x:171:102:Ghim Soo Joong:/user3/grad/ghimsj:/bin/csh kimoh:lEqsEB4g0QrNM:10424:::::: hjmoon:jh0eFHV54ZAco:9938:::::: juliets:jg3Q2qjlYfx9U:10032:::::: ijbyun:ayKWDaPpMLq32:9938:::::: ghimsj:PyIN/caDgwiHw:9938::::::

2. UNIX Password Format

13 bytes of plain ASCII characters:
2 bytes for base 64 encoding of 12-bit salt
11 bytes for base 64 encoding of 64-bit DES output
12-bit salt is randomly generated when a new password is submitted.
base 64 (or Radix-64) encoding:
one of the ASCII encoding methods of binary data, which converts each 6-bit in the binary data into one of the 64 printable characters [A-Za-z0-9+/]

0~25: A-Z
26~51: a-z
52~61: 0-9
62,63 : +,/
padding symbol: =

3. UNIX Password Encryption Algorithm

(1) Generation of the encrypted password
obtain a password from the user;
generate a 12-bit salt;
adjust E-table in DES using salt;
data <- 64 bits of 0s;
repeat the following 25 times
data <- modified-DES(data, password as key);
encoded-password-data <- base64encode(salt || data);
store login-id and encoded-password-data in /etc/passwd;

(2) Checking the password at user login
obtain the login-id and password from a user;
lookup login-id in /etc/passwd,
          and get encoded-password-data;
convert the first two bytes of encoded-password-data into salt;
adjust E-table in DES using salt;
data <- 64 bits of 0s;
repeat the following 25 times
    data <- modified-DES(data, password as key);
computed-password-data <- base64encode(salt || data)
compare computed-password-data and encoded-password-data;
if failed, give some delay;
(3) Why do they add salt? Why 25 times?

The salt prevents duplicate passwords from being visible.

The salt prevents the use of a mass-produced hardware implementation of DES in password cracking.

Repeating DES 25 times makes the password cracking 25 times harder.

     Question
William Stallings claimed in Network and Internetwork Security (2ed), Prentice-Hall, 1995, p. 215 that

The salt effectively increases the length of the password without requiring the user to remember two additional characters. Hence, the number of possible passwords is increased by a factor of 4,096, increasing the difficulty of guessing a password.

Does his claim make sense to you?
(4) UNIX crypt(3C)

UNIX library function
char *crypt(const char *key, const char *salt);
performs:
adjust E-table in DES using salt;
data <- 64 bits of 0s;
repeat the following 25 times
    data <- modified-DES(data, password as key);
encoded-password-data <- base64encode(salt || data);
NOTE:

crypt(1) is a command for encrypting/decrypting a file, which implements a one-rotor machine designed along the lines of the German Enigma, but with a 256-element rotor. Methods of attack on such machines are widely known, thus crypt(1) provides minimal security.

To encrypt a file:
      crypt key < src-file > encrypted-dst-file

To decrypt a file:
      crypt key < encrypted-dst-file > src-file

To find more about crypt(1):
                man crypt

Or you may try reading a C source.

To find more about crypt(3C):
                man -s 3C crypt

Or you may try reading a C source.

The Password-Cracking or Password-Guessing Process

1. The Mechanics of Password Cracking

The process works as follows:

You obtain a dictionary file, which is really no more than a flat file (plain text) list of words (these are commonly referred to as wordlists).
These words are fed through any number of programs that encrypt each word. Such encryption conforms to the DES standard.
Each resulting encrypted word is compared with the target password. If a match occurs, there is better than a 90 percent chance that the password was cracked.

2. Word Composition Rules

rule

Alternate upper- and lowercase lettering.
Spell the word forward and then backward, and then fuse the two results (for example: cannac).
Add the number 1 to the beginning and/or end of each word.

Naturally, the more rules one applies to the words, the longer the cracking process takes. However, more rules also guarantee a higher likelihood of success.

3. Word Lists

Some crackers come with several word lists, generally consisting of dictionary words and proper names. Crackers typically add login-id and the words in GCOS field to the word list.

The UNIX Password Crackers

1. Crack by Alec Muffett (crack-4.1.tar.gz,crack-5.0.tar.gz)

Crack is for use on UNIX platforms only.
usage: Crack password-file
Comes with scripts to combine passwd and shadow files into a traditional passwd file
Features include:

running in a network mode
generating E-Mail a warning message to anyone whose password is cracked
recovering from crashes

2. CrackerJack by Jackal

CrackerJack is a renowned UNIX password cracker designed expressly for the DOS platform.

Other Types of Password Crackers

1. ZipCrack by Michael A. Quinlan (zipcrk10.zip)

cracks the password on files generated with PKZIP.

2. Decrypt by Gabriel Fineman (decrypt.zip)

breaks WordPerfect passwords.

3. Glide (Author Unknown: http://www.iaehv.nl/users/rvdpeet/unrelate/glide.zip)

This program is used exclusively to crack PWL files, which are password files generated in Microsoft Windows for Workgroups and later versions of Windows.

4. AMI Decode (Author Unknown: amidecod.zip)

The AMI Decode utility is designed expressly to grab the CMOS password from any machine using an American Megatrends BIOS. The factory-default CMOS password is often AMI.

5. NetCrack by James O'Kane (netcrack.zip)

NetCrack is an interesting utility for use on the Novell NetWare platform. It applies a brute-force attack.

6. PGPCrack by Mark Miller

Pretty Good Privacy (PGP) is probably the strongest and most reliable encryption utility available to the public sector. PGP uses (typically long) passphrases instead of passwords as encryption key. But, poor users often use very short passwords. That is when PGPCrack is of use.

7. Password Cracker for Early Versions of HWP

unhwp.exe for HWP 1.5 Encryption

code21.exe for HWP 2.1 Encryption

Other Attacks on Passwords

1. Sniffer

2. Virtual Memory System

3. WS_FTP

4. SnadBoy's Revelation