Password Crackers


Passwords are most computer systems' primary method of authentication. You gain access by identifying who you are (your login) and then telling the computer a secret shared only between you and the computer: your password.

You are expected to keep your password secret by not telling anyone and not writing it down. The computer keeps the password secret by never storing it in the clear: it stores only the output of a one-way function (loosely called "encryption" throughout this section), from which the password itself cannot be recovered.

Password Encryption History

Originally, UNIX password encryption was based on a software simulation of the M-209 cipher machine used in World War II. By the late 1970s, however, computers had become fast enough to execute this algorithm very quickly, which opened the door to password guessing.

In 1979, Robert Morris, Sr., and Ken Thompson published a paper in the Communications of the ACM describing a new one-way function for encrypting UNIX passwords, based on the National Bureau of Standards Data Encryption Standard (DES) algorithm. UNIX systems continue to use a variant of the DES algorithm today. The user's password is used as the DES key to encrypt a constant (a block of zeros). The algorithm runs DES 25 times, each run consisting of DES's internal 16 rounds, for a total of 400 rounds, so it is slow enough to discourage guessing.

Since 1979, computers have continued to increase in speed at an accelerating rate. Today, single-CPU systems are 150 times faster, which means that even a deliberately slow algorithm computes quickly. In addition, new implementations of the DES encryption algorithm have been developed that increase its speed. Whereas the VAX 11/780 could execute about 1.5 encryptions per second, today's multi-CPU systems have reported the ability to do millions of encryptions per second.

Many Possible Passwords

The input to the password encryption algorithm is the user's password. It is limited to the 7-bit ASCII character set, essentially the printable characters available on a keyboard; there are 128 such characters. The effective maximum length of the password is 8 characters (any further characters are ignored), so there are 128^8, or over 72,000,000,000,000,000 (72 quadrillion), possible passwords. Each password is also given a salt, one of 4096 different values. The password serves as the key to the encryption algorithm, and the salt alters the algorithm's internal expansion step, so the same password stored under different salts produces different output; this defeats precomputed tables and hides which users share a password. The key is used to encrypt the numeric value zero. The output of the algorithm is a 13-character string, the first 2 characters of which are the salt. The characters in this string are drawn from a 64-character set: the upper- and lower-case letters, the numerals, the period, and the slash.

Newer password algorithms expand the number of possible passwords by allowing longer passwords. This helps only if users actually choose longer passwords that make use of the added features.

The encryption algorithm cannot be reversed; it is a one-way function, so passwords are actually guessed, by an automated process that tries the most likely passwords first. This succeeds because, even though there are over 72 quadrillion possible passwords, users are rarely educated on the wise selection of passwords and select from only a minuscule fraction of that space.

Password Cracking

The UNIX password encryption scheme is not actually broken cryptographically. Cracking is an automated process of guessing the most likely passwords, usually a dictionary search with certain enhancements. These enhancements include the very methods for "improving" passwords that have been promoted for years, such as replacing the letters S, O, and I with the numerals 5, 0, and 1. If the attack is against a machine in a specific industry, the attacker may use an industry-specific dictionary. A password cracker is a standard part of any hacker's toolkit.

Password Guessing

A password cracker will use all the information available about the user, trying the user's name, initials, account name, and any other personal information known. This information is gathered from the GECOS field of the password file and from files in the user's home directory, and is then processed through the permutations listed below.

A password cracker will also try a dictionary search. The dictionary will be slanted by the hacker's experience and knowledge of the system being attacked. It will include common first names; characters, titles, and locations from works of fiction, television and film, cartoons, and computer games; sports terms; and terms from the industry in which the computer is used.

All of the above words will be permuted in the following manner:

  • Varying of upper- and lower-case letters.

  • Reversing the spelling.

  • Substituting the numerals 0, 1, 2, and 5 for the letters o, i, z and s in the word.

  • Appending a single digit to the word.

  • Pairing two words and separating them with a special character.

Since passwords are the primary defense against outsiders, numerous studies have been done on the subject. They show that between 25 and 30 percent of passwords will be cracked by this process.

Crack, one of the early password crackers, was developed by Alec Muffett and is still widely used. It applies the variants described above to the words in the supplied dictionaries. Crack takes as its input a series of password files and source dictionaries, merges the dictionaries, turns the password files into a sorted list, and generates lists of candidate passwords from the merged dictionary or from information gleaned about users from the password file. It is available on the included CD-ROM.
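As an added example (not code from this book, and not Crack itself), the following Python program follows the procedure described above: it decides which password-file entries carry a traditional 13-character hash (and decodes the two-character salt described earlier), gleans words from the login and GECOS field, applies the listed permutations and word pairing to a merged dictionary, and tries the guesses against every account, computing each guess once per distinct salt rather than once per user. The DES crypt function is not implemented here; stand_in_hash is an assumed placeholder with the same interface (salt and password in, 13 characters out) and the same 8-character truncation. The accounts, passwords, GECOS strings and the small dictionary are constructed for the demonstration.

```python
"""Toy password cracker in the style of Crack (added example; the DES crypt
function is NOT implemented: stand_in_hash is an assumed placeholder with the
same interface and 8-character truncation; all sample data is constructed)."""
import hashlib
import itertools

# The 64-character output alphabet of crypt(3), in value order 0..63.
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
LEET = str.maketrans("oizs", "0125")   # the letter-for-numeral swaps listed above

def classify_hash(field):
    """Decide which passwd/shadow hash fields are worth attacking."""
    if field == "":
        return "empty"                 # no password at all
    if field == "x":
        return "shadowed"              # real hash lives in /etc/shadow
    if field[0] in "*!":
        return "locked"
    if field[0] == "$":
        return "modular"               # $1$ (MD5), $5$ / $6$ (SHA-2), ...
    if len(field) == 13 and all(c in CRYPT_ALPHABET for c in field):
        return "des"                   # traditional crypt(3): 2 salt + 11 hash chars
    return "unknown"

def salt_value(des_hash):
    """Decode the two leading salt characters into their 12-bit value."""
    lo, hi = (CRYPT_ALPHABET.index(c) for c in des_hash[:2])
    return lo | (hi << 6)

def stand_in_hash(salt, password):
    """Assumed placeholder for crypt(3) (NOT DES). Like DES crypt it uses only
    the first 8 characters and returns salt + 11 alphabet characters."""
    digest = hashlib.sha256((salt + password[:8]).encode("latin-1")).digest()
    n = int.from_bytes(digest[:9], "big")
    return salt + "".join(CRYPT_ALPHABET[(n >> (6 * i)) & 63] for i in range(11))

def personal_words(login, gecos):
    """Words gleaned from the account name and the GECOS full-name field."""
    tokens = [login] + [t.strip(".,") for t in gecos.split(",")[0].split()]
    return [t.lower() for t in tokens if len(t) >= 2]

def mutate(word):
    """The permutations listed above, applied to one word."""
    out = []
    for w in (word, word[::-1]):                          # as-is and reversed
        for v in (w.lower(), w.capitalize(), w.upper()):  # case variation
            out.append(v)
            out.extend(v + d for d in "0123456789")       # one trailing digit
        out.append(w.lower().translate(LEET))             # o/i/z/s -> 0/1/2/5
    return out

def pair(words, separators="-_."):
    """Two words joined by a special character."""
    return [a + s + b for a, b in itertools.permutations(words, 2) for s in separators]

def build_guesses(dictionary, entries):
    """Merge the dictionary with each user's personal words, mutate them, add
    personal-word pairs, and drop guesses DES crypt could not tell apart
    (identical first 8 characters)."""
    words, pairs = list(dictionary), []
    for login, _, gecos in entries:
        personal = personal_words(login, gecos)
        words.extend(personal)
        pairs.extend(pair(personal))
    candidates = itertools.chain.from_iterable([mutate(w) for w in words] + [pairs])
    seen, guesses = set(), []
    for g in candidates:
        if g[:8] not in seen:
            seen.add(g[:8])
            guesses.append(g)
    return guesses

def crack(entries, guesses, hash_fn=stand_in_hash):
    """Try every guess against every DES-hashed account, hashing each guess
    once per distinct salt. Returns {login: guess that reproduces the hash}."""
    by_salt = {}
    for login, field, _ in entries:
        if classify_hash(field) == "des":
            by_salt.setdefault(field[:2], {}).setdefault(field, []).append(login)
    found = {}
    for salt, table in by_salt.items():
        for g in guesses:
            if not table:                     # every account with this salt is done
                break
            for login in table.pop(hash_fn(salt, g), ()):
                found[login] = g
    return found

# Constructed sample data: (login, hash field, GECOS). Salts "ab" and "zz" are shared.
DICTIONARY = ["password", "secret", "letmein", "sunshine", "dragon"]
ENTRIES = [
    ("root", "x", "root"),                                             # shadowed
    ("guest", "*", "Guest Account"),                                   # locked
    ("jqp", stand_in_hash("ab", "jane_public"), "Jane Q. Public,Room 101"),
    ("bob", stand_in_hash("zz", "drowssap"), "Bob Mason"),
    ("carol", stand_in_hash("zz", "5ecret"), "Carol Reyes"),
    ("dave", stand_in_hash("Q9", "xQ9#vb2L"), "Dave Strong"),
    ("eve", stand_in_hash("ab", "sunshine2000"), "Eve Adams"),
]

def run_demo():
    return crack(ENTRIES, build_guesses(DICTIONARY, ENTRIES))

if __name__ == "__main__":
    for login, guess in sorted(run_demo().items()):
        print(f"{login}: {guess}")
```

Running it recovers jqp (a pair of GECOS words), bob (a reversed dictionary word), carol (a letter-for-numeral substitution) and eve, and leaves dave, whose password is not derivable from the dictionary or his GECOS entry, unrecovered. Eve's stored password was "sunshine2000", but the guess reported is "sunshine": under traditional DES crypt the extra characters never entered the hash, so either string logs in, which is also why build_guesses discards guesses that agree in their first 8 characters. The grouping by salt is the point of Crack's sorted password list: a guess costs one encryption per distinct salt, not one per user, and a shared salt (as for bob and carol here) makes the attack cheaper. On a platform that still provides crypt(3), passing hash_fn=lambda salt, g: crypt.crypt(g, salt) runs the same loop against real hashes.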



Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
Year: 2002
Pages: 210
