password security in *nix systems?



#1  11-16-2005  Schöön Martin
password security in *nix systems?

I have a question regarding password safety and encrypting in unix and
unix-like systems.

Today I heard a story about a guy who had broken into the computer
systems of a large corporation. The story teller claimed this guy had
managed to download, among other things, complete lists of all
unix accounts and the corresponding passwords.

I have been a unix user since the 1980s and I have been told by
various support persons that in unix the passwords are encrypted
and if I forget mine I have to get a new, temporary one from my
administrator because there is no way to look up and decrypt my
password.

What is the truth on this matter?

--
======================================================================
Martin Schöön <Martin.Schoon@gmail.com>

"Problems worthy of attack
prove their worth by hitting back"
Piet Hein
======================================================================
#2  11-16-2005  Simon Bone
Re: password security in *nix systems?

On Wed, 16 Nov 2005 13:12:21 +0100, Schöön Martin wrote:

> I have a question regarding password safety and encrypting in unix and
> unix-like systems.
>
> Today I heard a story about a guy who had broken into the computer
> systems of a large corporation. The story teller claimed this guy had
> managed to download, among other things, complete lists of all
> unix accounts and the corresponding passwords.
>
> I have been a unix user since the 1980s and I have been told by
> various support persons that in unix the passwords are encrypted
> and if I forget mine I have to get a new, temporary one from my
> administrator because there is no way to look up and decrypt my
> password.
>
> What is the truth on this matter?


Passwords on linux are saved in a hashed form. You can think of that as a
lossy encryption if you like. There is no unique way back from the hash to
the password.

However, if someone has a copy of all the passwords for a machine, they
can attempt at their leisure to crack them using brute force. That means
trying lots of possible passwords out to see if they generate a match to
the hashes in the list. There are several programs out there that do this
for you, e.g. Jack-the-ripper. The most common passwords are all likely to be
crackable this way, given enough time.

HTH

Simon Bone

#3  11-16-2005  Edward Leiper
Re: password security in *nix systems?

First of all: Apologies to Martin for emailing my reply instead of
posting here. I really should just disable mailing replies!

Passwords are encrypted using a technique called hashing, which is a
function which is very easy to do one way but very hard to reverse.
This is so that if someone gets the password list, it's hard to work
out what the passwords are from that. However, to check a login, the
system merely needs to hash the password you enter and compare it to
the stored value. This is why new passwords are assigned when you
forget one.

The problem is that with sufficient computing time, it's possible to
check a list of possible passwords against a known password hash -
thus, passwords aren't all that secure if someone has the password
file. There are several defences against this:

* Ensuring that passwords are strong so they'll be hard to crack quickly
* Using algorithms which take a while to hash, to make computation
slower for the cracker
* Change passwords regularly enough that an old password file quickly
becomes useless
* Make sure that normal users cannot see the password file

It's pretty hard to get into a computer and get the password list - so
either this cracker was an ex-admin there or he managed to get root
access through an unsecured service - at which point, the password
file is just a bonus.

The biggest security worry is for those users who use the same
password for other things which are important, and where the cracker
might guess what those things are and the usernames.

I hope that's what you were looking for!


~Ed
#4  11-16-2005  Unruh
Re: password security in *nix systems?

Martin.Schoon@gmail.com (Schöön Martin) writes:

>I have a question regarding password safety and encrypting in unix and
>unix-like systems.


>Today I heard a story about a guy who had broken into the computer
>systems of a large corporation. The story teller claimed this guy had
>managed to download, among other things, complete lists of all
>unix accounts and the corresponding passwords.


Sure. hashed passwords. They then have to run an exhaustive search against
the hashed list to discover the actual password. I am not sure why anyone
believes anything that a "friend who heard it from a sister in law who
heard it from her milkman" says.

>I have been a unix user since the 1980s and I have been told by
>various support persons that in unix the passwords are encrypted


It is hashed not encrypted. If it were encrypted it could be recovered.
It cannot be except by testing all possible passwords against the hash and
finding the one that works. On the other hand if you used mommy as your
password, it is easily found.

>and if I forget mine I have to get a new, temporary one from my
>administrator because there is no way to look up and decrypt my
>password.


>What is the truth on this matter?

#5  11-16-2005  DM
Re: password security in *nix systems?

Schöön Martin wrote:
> I have a question regarding password safety and encrypting in unix and
> unix-like systems.
>
> Today I heard a story about a guy who had broken into the computer
> systems of a large corporation. The story teller claimed this guy had
> managed to download, among other things, complete lists of all
> unix accounts and the corresponding passwords.
>
> I have been a unix user since the 1980s and I have been told by
> various support persons that in unix the passwords are encrypted
> and if I forget mine I have to get a new, temporary one from my
> administrator because there is no way to look up and decrypt my
> password.
>
> What is the truth on this matter?
>

I believe a hashed password is a one-way deal. It can't be resolved
"backwards". Some md5, etc yoda would be able to confirm/deny that, or
shed more light on it.
Usually, when we explain that password problem to a user, we just say
that it's encrypted because that makes sense to the user. To go into
hashing and so on is a waste of the user's time. I'm sure that's the
origin of the post in question.....
#6  11-16-2005  Edward Leiper
Re: password security in *nix systems?

DM <dont_spam_me@reply_to_group.instead> writes:

> Some md5, etc yoda would be able to confirm/deny that, or shed more
> light on it.


Based on mathematical functions they are. Deduce input from output
you cannot. To crack, every input try you must. Thus useful for
password storage they are!

For understanding, read this you may:

http://en.wikipedia.org/wiki/Hashing_function
#7  11-16-2005  Pat Farrell
Re: password security in *nix systems?

Edward Leiper wrote:
> DM <dont_spam_me@reply_to_group.instead> writes:
>> Some md5, etc yoda would be able to confirm/deny that, or shed more
>> light on it.

>
> Based on mathematical functions they are. Deduce input from output
> you cannot. To crack, every input try you must.


Except that folks use dumb passwords, so if you have a list
of the most popular passwords, you can push them thru
the hash (even with the salt) and just compare the results
to what is in the shadow password file.


--
Pat


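The mechanism posts #2, #3 and #7 describe, as an added example that is not code from the thread or from any of its posters: a shadow-style record holds a per-user salt plus a slow one-way hash, a login is checked by re-hashing the attempt with that salt, and the unsalted MD5 variant is shown for contrast (the record format and iteration count are assumptions).

```python
import hashlib
import hmac
import os

# Constructed example, not code from the thread. It models what the posts
# above describe: a password store keeps a one-way hash, never the password,
# and a login is checked by re-hashing the attempt with the stored salt.

ITERATIONS = 100_000  # a deliberately slow hash: every guess costs this much work


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a shadow-style record "$pbkdf2$<iterations>$<salt hex>$<hash hex>"."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$pbkdf2$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute the hash from the record's own salt and compare in constant time.

    Nothing is decrypted: the only way "back" is to guess and re-hash, which
    is exactly the work a cracker holding a copy of the shadow file faces.
    """
    try:
        _, scheme, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def unsalted_md5(password):
    """An unsalted hash, for contrast: identical passwords give identical hashes,
    so one precomputed table of popular passwords serves every user and machine."""
    return hashlib.md5(password.encode()).hexdigest()


def salt_hides_duplicates(password):
    """With a per-user salt, two users sharing a password store different values."""
    return hash_password(password) != hash_password(password)
```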
#8  11-17-2005  sbc-newsgroups
Re: password security in *nix systems?

Edward Leiper wrote:
> DM <dont_spam_me@reply_to_group.instead> writes:
>
>
>>Some md5, etc yoda would be able to confirm/deny that, or shed more
>>light on it.

>
>
> Based on mathematical functions they are. Deduce input from output
> you cannot. To crack, every input try you must. Thus useful for
> password storage they are!
>
> For understanding, read this you may:
>
> http://en.wikipedia.org/wiki/Hashing_function

Very cute. The wikipedia.org is a wonder. It will become (if it isn't
already) a world treasure.

One very important note about passwords. If you have a stupid password,
like your login name and someone knows your login name, you are dead
meat. If you have a short stupid password you are at risk. If you have a
fairly complex longish password you are probably pretty safe.

I had one user named Alan whose user name was "alan" and who changed his
password to "alan". An SSH script exploit got into his user account.
Luckily there wasn't anything interesting there and the invader got no
further and went elsewhere.

Since then I no longer let users change their passwords, and I give them
reasonably strong passwords with upper and lower case, punctuation, and
numbers. I change their passwords monthly. I have restricted SSH logins,
and use public/private keys only (no more passwords). My users aren't
happy, but they (and my systems) are much safer.

A strong password and good system policies are a pretty hard nut to
crack. On the other hand weak passwords and no policy is asking for
visitors.

If your system uses MD5 passwords and shadow files that are only
readable by root you are pretty safe as long as you have a really good
root password and change it once in a while.

That's my opinion, I could be wrong.
#9  11-17-2005  Pat Farrell
Re: password security in *nix systems?

sbc-newsgroups wrote:
> Since then I no longer let users change their passwords, and I give them
> reasonably strong passwords with upper and lower case, punctuation, and
> numbers. I change their passwords monthly. I have restricted SSH logins,
> and use public/private keys only (no more passwords). My users aren't
> happy, but they (and my systems) are much safer.
>
> That's my opinion, I could be wrong.


You are correct that your users aren't happy.

Rapid password changes are not necessarily a good thing.
It takes a long time and a lot of uses to memorize
most strong passwords. Users typically write them
on a sticky note and put it on the monitor.

There is a tradeoff between frequency of change and value
to the user to put the mental effort into memorizing the
password. Using a generator that makes mnemonic or pronounceable
passwords makes it easier on your users.

Social engineering is much easier to crack than cryptography.


--
Pat


#10  11-17-2005  Unruh
Re: password security in *nix systems?

sbc-newsgroups <barton@applitec.com> writes:

>Edward Leiper wrote:
>> DM <dont_spam_me@reply_to_group.instead> writes:
>>
>>
>>>Some md5, etc yoda would be able to confirm/deny that, or shed more
>>>light on it.

>>
>>
>> Based on mathematical functions they are. Deduce input from output
>> you cannot. To crack, every input try you must. Thus useful for
>> password storage they are!
>>
>> For understanding, read this you may:
>>
>> http://en.wikipedia.org/wiki/Hashing_function

>Very cute. The wikipedia.org is a wonder. It will become (if it isn't
>already) a world treasure.


>One very important note about passwords. If you have a stupid password,
>like your login name and someone knows your login name, you are dead
>meat. If you have a short stupid password you are at risk. If you have a
>fairly complex longish password you are probably pretty safe.


>I had one user named Alan whose user name was "alan" and who changed his
>password to "alan". An SSH script exploit got into his user account.
>Luckily there wasn't anything interesting there and the invader got no
>further and went elsewhere.


Most systems have, via pam, a password checking routine which will catch
such stupidity.


>Since then I no longer let users change their passwords, and I give them
>reasonably strong passwords with upper and lower case, punctuation, and
>numbers. I change their passwords monthly. I have restricted SSH logins,
>and use public/private keys only (no more passwords). My users aren't
>happy, but they (and my systems) are much safer.


Not sure that they are. They are safer against dictionary attacks but those
are not the only attack vectors. Writing down passwords, which I guarantee
is happening in your case, is another vector, especially from local people,
but also from people stealing wallets.


>A strong password and good system policies are a pretty hard nut to
>crack. On the other hand weak passwords and no policy is asking for
>visitors.


>If your system uses MD5 passwords and shadow files that are only
>readable by root you are pretty safe as long as you have a really good
>root password and change it once in a while.


>That's my opinion, I could be wrong.

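The password-quality check post #10 attributes to PAM, which would have refused the "alan"/"alan" case from post #8, as an added example that is not code from the thread or from any PAM module: it rejects a new password that is a common word, too short, contains the login name forwards or backwards, uses too few character classes, or is mostly repeated characters (the thresholds and the word list are constructed assumptions).

```python
import string

# Constructed example, not code from the thread: the kind of check a PAM
# password module runs when a user picks a new password, so that a login name
# used as a password is refused before it ever reaches the shadow file.
# Thresholds and rules are illustrative assumptions, not any real module's policy.

MIN_LENGTH = 12
MIN_CLASSES = 3
# Constructed list standing in for a real common-password dictionary.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}


def character_classes(password):
    """Count how many of lower, upper, digit and punctuation the password uses."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return sum(classes)


def check_new_password(username, password):
    """Return the reasons a proposed password is rejected; an empty list means accepted."""
    problems = []
    lowered = password.lower()
    user = username.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("is a common password")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # The login name, or its reverse, anywhere in the password is a giveaway.
    if user and (user in lowered or user[::-1] in lowered):
        problems.append("contains the login name")
    if character_classes(password) < MIN_CLASSES:
        problems.append("too few character classes")
    # Half or more of the characters repeating means little real entropy.
    if len(set(password)) <= len(password) // 2:
        problems.append("too repetitive")
    return problems
```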