Difference between pages "Operating System Password Encryption" and "File:Maxtor Technological Developments.pdf"

From ForensicsWiki
(Difference between pages)
(Salts)
 
(Whitepaper from Maxtor (freely downloadable from their site) about recent technological developments.)
 
Line 1: Line 1:
==Unix/Linux Password File==
+
Whitepaper from Maxtor (freely downloadable from their site) about recent technological developments.
Unix and its various clones have traditionally used the /etc/passwd file to store user account information, including passwords. Because the /etc/password file needs to be world-readable in order for utilities such as `ls` and `finger` to work modern Unix operating systems store the encrypted passwords in 'shadow' file named /etc/shadow.
+
 
+
{| class="wikitable" border="1"
+
|-
+
!Username
+
|The user's username
+
|-
+
!Password
+
|Older Unixes store the password crypt here, more modern ones use an 'x' character to denote that a shadow file is in use.
+
|-
+
!UID
+
|The numeric user ID of the user
+
|-
+
!GID
+
|The primary numeric group ID of the user
+
|-
+
!GECOS Field
+
|This is a text field which may contain information about the user such as name and contact details
+
|-
+
!Home directory
+
|The user's home directory
+
|-
+
!Shell
+
|The user's Unix shell
+
|}
+
<pre>
+
user1:x:600:600:User 1:/home/user1:/bin/bash
+
user2:x:601:601:User 2:/home/user2:/bin/bash
+
admin:x:602:602:Admin Account:/home/admin:/bin/bash
+
apache:x:603:603:Apache HTTP User:/var/www:/bin/bash
+
someguy:x:604:604:Someguy:/home/someguy:/bin/bash
+
</pre>
+
 
+
The password is stored as an encrypted one-way hash of the original password. When a user attempts to authenticate the password supplied is encrypted using the same algorithm and compared to the stored password crypt.
+
 
+
===Unix Crypt===
+
The most commonly used password encryption in Unix for many year was crypt(). The Unix crypt command can be used to generate the Unix crypt value for a given string.
+
 
+
<pre>
+
jim@localhost ~
+
$ crypt hello
+
S84xRArsM.gtk
+
</pre>
+
 
+
In modern computing Unix crypt is severly limited. Passwords are restricted to 8 character passwords, and any trailing character as ignored. This puts brute force attacks on Unix crypts well within the realms of possibility.
+
 
+
<pre>
+
jim@localhost ~
+
$ crypt xx hellohel
+
xxiHMKqoMTDuc
+
 
+
jim@localhost ~
+
$ crypt xx hellohello
+
xxiHMKqoMTDuc
+
</pre>
+
 
+
===Salts===
+
Unix passwords usually use what is know as a salt to help make pre-computation of password hashes more difficult. A salt is a string which is prepended to the password before it is encrypted and stored along with the password in /etc/passwd. You cannot simply pre-compute crypt() values for a list of dictionary words, you would need to pre-compute the hash for each word along with every possible salt to produce a rainbow table of Unix password hashes. The result is a number of different hashes for any given password.
+
 
+
If we use the Unix crypt command to encrypt a password and do not specify a salt then a random salt value is chosen.
+
 
+
<pre>
+
jim@localhost ~
+
$ crypt hello
+
YnxINyIeMlKCM
+
 
+
jim@localhost ~
+
$ crypt hello
+
v3njh4QHNjoWk
+
</pre>
+
 
+
The first two characters of the resulting hash are the salt and must be used when subsequently comparing a supplied password with the stored crypt.
+
 
+
<pre>
+
jim@localhost ~
+
$ crypt v3 hello
+
v3njh4QHNjoWk
+
</pre>
+
 
+
Salts can be of any length but is typically 2 characters on Unix systems, which helps to ensure compatibility across systems.
+
 
+
===MD5/SHA1===
+
 
+
NIS
+
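Review bot: The second sentence of the opening paragraph under "Unix/Linux Password File" names the world-readable file as /etc/password, while the first sentence and the Salts section use /etc/passwd; it should read /etc/passwd, and the sentence needs a comma after "to work". The Salts paragraph says the salt is stored along with the password in /etc/passwd, which conflicts with the earlier statement that modern systems keep the crypt in /etc/shadow and leave an 'x' in the password field; suggest saying the salt is stored with the crypt, wherever that is held. The field table matches the seven fields in the sample lines, but the text never states that the fields are colon-separated, which a reader parsing the file would want. Wording fixes in the same text: "for many year", "severly", "any trailing character as ignored", "what is know as", and "Salts can be of any length but is". The "MD5/SHA1" heading and the trailing "NIS" line carry no body text and should either be filled in or dropped.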

Latest revision as of 21:43, 25 October 2008

Whitepaper from Maxtor (freely downloadable from their site) about recent technological developments.