Password Hashing

Passwords secure a system by allowing access only to those users who know the password. Typically, you can gain access to a system by following these two steps:

1. Authentication In the authentication phase, you check a username or password against a database of valid usernames and passwords. If a match comes up, you move to the second phase.

2. Authorization In the authorization phase, you check the username (or password if only passwords are used) against a database to define how much access that user is granted. First a system authenticates you, and then a system authorizes you based on your security access level.

Thus, authentication is who you are, and authorization is what you can do.

Passwords are sent to a system in one of two ways:

• Clear-text

• Encrypted

Clear-text (also called plain-text) passwords provide the weakest means of security. In Figure 9-1, the password is sent across the network without encryption. This means that anyone with a network monitor can detect the password. In Figure 9-1, the clear-text password has been captured in Ethereal (http://www.ethereal.com).

Figure 9-1. Ethereal Capturing Username and Password in Clear-Text

Note

Network monitors are commonly called packet sniffers. Sniffer is a trademark of Network General, but the popularity of the sniffer product has caused the term to become common jargon when referring to network monitors.

Encrypted passwords provide more security. The most popular means of encrypting passwords is through the use of hashing algorithms, such as MD4 and MD5. In Figure 9-2, the password is never sent across a network; rather, an algorithm is run against a password to produce a cipher text, and a portion of the cipher text is sent across the network. Often, a secret variable, called a key, is used in the algorithm to make it harder to reverse engineer.

Encrypted passwords are more difficult to crack because you have to reverse the algorithm or, more commonly, try to guess the password. This is why password cracking is better termed password guessing. Ultimately, most of your work in password cracking is attempting to guess the characters in a password.

Using Salts

Before looking at different tools to perform password cracking, you need to understand how passwords are encrypted. Because Microsoft and UNIX are the two most popular servers in the market, the discussion is limited to these two platforms.

The major difference between the two platforms is the use of salts. A salt is a random string value that is combined with a password before it is encrypted. Because the string is randomized each time a password is created, you can have two users with the same passwords but different random values. Take, for example, the output of the following /etc/shadow file on a Linux system:

whitaker:qdUYgW6vvNB.U newman:zs9RZQrI/0aH2

Both of these accounts (whitaker and newman) were created with the same password ("password"). However, because a salt was added to the password and then encrypted, the passwords are different in the password file. Thus, when a password cracker breaks one password, she cannot just look for other passwords with the same hash. Instead, she needs to crack each password separately. The increased time it takes to crack a password might deter some malicious hackers or give a security professional enough time to detect who is performing the cracking.

UNIX and its variants use salts when encrypting their passwords. Microsoft servers do not. This is why it has always been relatively easy to crack Microsoft passwords.

Microsoft Password Hashing

Microsoft performs two types of password hashing:

• Windows hashing

• LANMAN hashing

Windows hashing takes your password and converts it to Unicode. Unicode is a means to provide a unique number for every character regardless of the platform or language. This provides universality to software engineering, where developers can write a program or web page in one language using Unicode and have it easily viewed by readers in other languages. For example, the code 0041 is the capital letter A.

After the password is converted to Unicode, an MD4 algorithm is run against the Unicode string to compute a hash value. The MD4 algorithm takes the string and extends it by adding a single 1 bit followed by a number of 0 bits so that its length in bits is 64 bits short of being a multiple of 512 (448 modulo 512). Next, the first 64 bits of the original Unicode password are added again to equal a number divisible by 512. Four variables are then used in an algorithm against the new value, resulting in a hash value.

Note

To learn more about MD4 operation, read RFC 1320 at http://www.ietf.org/.

MD4 is considered a weak hashing algorithm compared to MD5. However, it is not as weak as the LANMAN hash that Microsoft uses to encrypt passwords.

LANMAN hashes have been around since NT 3.5 and are provided for backward compatibility. In Figure 9-3, the password is padded with zeros to equal 14 digits (if the password is not already 14 digits).

The password is then converted to uppercase and split into two seven-character pieces. If the password is less than seven characters, the second set is always all zeros. After you run the algorithm, all zeros equal 0xAAD3B435B51404EE. Any time you see that as part of a LANMAN password, you know that the password is equal to or less than seven characters.

Next, an 8-byte odd parity Data Encryption Standard (DES) key is calculated from each of the two halves. The resulting values are combined to get a 16-byte one-way hash.

LANMAN passwords are easier to break because you have to crack only seven characters at a time. If your password is password123, someone has to crack passwor and d123, which is much easier than attempting to crack a longer string of password123. The fewer the characters in a password, the faster it is to crack it.

Windows passwords are stored in the Security Accounts Manager database, which you can find at Windows directory\system32\config\sam. This file is locked when Windows is running, but a backup is kept in Windows directory\repair and updated every time the emergency repair disk (ERD) utility is run for updating. Windows password-cracking utilities require access to the Security Accounts Manager (SAM) database.

UNIX Password Hashing

UNIX passwords are more secure than their Windows counterparts. With UNIX systems, salts are used to generate random values when encrypting the password. Passwords are encrypted using DES.

Just running the algorithm once does not provide much security, so UNIX systems run the DES algorithm 25 times. The password is encrypted first with a 64-bit variable of all zeros. The output, combined with a random salt value, is used as input when running the algorithm the subsequent 24 times. Figure 9-4 demonstrates how DES encrypts a password.

On UNIX systems (and UNIX variants), the encrypted passwords are typically stored in the /etc/shadow file. (The older method of /etc/passwd is antiquated, and most systems use the newer shadow file method instead.)