Difference between pages "Academic Forensics Programs - Graduate Level" and "Operating System Password Encryption"

From ForensicsWiki
(Difference between pages)
 
(New page: ==Unix/Linux Password File== Unix and its various clones have traditionally used the /etc/passwd file to store user account information, including passwords. Because the /etc/password file...)
 
Line 1: Line 1:
==US Programs==
+
==Unix/Linux Password File==
* California Sciences Institute
+
Unix and its various clones have traditionally used the /etc/passwd file to store user account information, including passwords. Because the /etc/password file needs to be world-readable in order for utilities such as `ls` and `finger` to work modern Unix operating systems store the encrypted passwords in 'shadow' file named /etc/shadow.
* [http://www.ini.cmu.edu/degrees/pgh_msin/index.html Carnegie Mellon University]
+
* Dartmouth College
+
* George Mason University
+
* George Washington University
+
* [http://www.jjay.cuny.edu/690.php John Jay College]
+
* [http://www.forensic.msu.edu/ Michigan State University]
+
* Naval Postgraduate School
+
* Polytechnic Institute of New York University
+
* [http://cyberforensics.purdue.edu/  Purdue University]
+
* Sam Houston State University
+
* Stevenson University
+
* Texas State University
+
* [http://ncfs.ucf.edu/ University of Central Florida]
+
* University of Massachusetts, Amherst
+
* University of New Haven
+
* [http://cs.uno.edu/research/ia.htm University of New Orleans]
+
* [http://forensics.cs.uri.edu/ University of Rhode Island]
+
* University of Texas at San Antonio
+
* Utica College [http://www.onlineuticacollege.com/programs/computer-forensics-specialization.asp [Online]]
+
* [http://www.cis.utulsa.edu/ Center for Information Security University of Tulsa]
+
* [http://forensics.wvu.edu/ West Virginia University]
+
  
==Europe==
+
{| class="wikitable" border="1"
* [http://www.cranfield.ac.uk/cds/postgraduatestudy/forensiccomputing/index.jsp Cranfield University, UK]
+
|-
* [http://www.lit.ie/departments/IT/MSC_Computing.html Limerick Institute of Technology]
+
!Username
* [http://www.studeren.uva.nl/ma-forensic-science University of Amsterdam]
+
|The user's username
* University of Bradford
+
|-
* University of East London
+
!Password
* [http://cci.ucd.ie/fcci University College Dublin]
+
|Older Unixes store the password crypt here, more modern ones use an 'x' character to denote that a shadow file is in use.
* [http://www.utm.ac.mu University of Technology, Mauritius]
+
|-
* [http://www.strath.ac.uk/science/forensicinformatics/ University of Strathclyde]
+
!UID
* [http://www.glam.ac.uk/coursedetails/685/549 University of Glamorgan, Wales, UK]
+
|The numeric user ID of the user
* [http://www.digitaleforensik.com University of Applied Sciences Albstadt-Sigmaringen, Germany], Master of Science, Digital Forensics, in cooperation with University of Mannheim and University of Tübingen, Germany
+
|-
 +
!GID
 +
|The primary numeric group ID of the user
 +
|-
 +
!GECOS Field
 +
|This is a text field which may contain information about the user such as name and contact details
 +
|-
 +
!Home directory
 +
|The user's home directory
 +
|-
 +
!Shell
 +
|The user's Unix shell
 +
|}
 +
<pre>
 +
user1:x:600:600:User 1:/home/user1:/bin/bash
 +
user2:x:601:601:User 2:/home/user2:/bin/bash
 +
admin:x:602:602:Admin Account:/home/admin:/bin/bash
 +
apache:x:603:603:Apache HTTP User:/var/www:/bin/bash
 +
someguy:x:604:604:Someguy:/home/someguy:/bin/bash
 +
</pre>
  
==Asia==
+
The password is stored as an encrypted one-way hash of the original password. When a user attempts to authenticate the password supplied is encrypted using the same algorithm and compared to the stored password crypt.
* [http://www.zu.ac.ae/main/en/colleges/colleges/college_information_technology/graduate_certificate_programs/cr_invest/intro.aspx Zayed University, UAE]
+
  
==Australasia==
+
===Unix Crypt===
* [http://www.ecu.edu.au/future-students/our-courses/browse?sq_content_src=%2BdXJsPWh0dHAlM0ElMkYlMkZ3ZWJzZXJ2aWNlcy53ZWIuZWN1LmVkdS5hdSUyRmZ1dHVyZS1zdHVkZW50cyUyRmNvdXJzZS12aWV3LnBocCUzRmlkJTNEMDAwMDAwMTQ1MSUyNmxvY2F0aW9uJTNEdG9wbGV2ZWwmYWxsPTE%3D Edith Cowan University, Perth, Western Australia ]
+
The most commonly used password encryption in Unix for many year was crypt(). The Unix crypt command can be used to generate the Unix crypt value for a given string.
  
==Africa==
+
<pre>
* [http://www.commerce.uct.ac.za/InformationSystems/Courses/inf4016w/ University of Cape Town]
+
jim@localhost ~
 +
$ crypt hello
 +
S84xRArsM.gtk
 +
</pre>
  
==See Also==
+
In modern computing Unix crypt is severly limited. Passwords are restricted to 8 character passwords, and any trailing character as ignored. This puts brute force attacks on Unix crypts well within the realms of possibility.
* [http://www.aafs.org/default.asp?section_id=resources&page_id=colleges_and_universities AAFS]
+
 
* [http://www.digitalforensicsassociation.org/formal-education/ Digital Forensics Association List]
+
<pre>
* [http://www.forensicfocus.com/computer-forensics-education-directory Forensics Focus List]
+
jim@localhost ~
* [http://docs.lib.purdue.edu/cgi/viewcontent.cgi?article=1010&context=techmasters&sei-redir=1#search=%22katie%20strzempka%20thesis%22 Master's Thesis: The Development of a Standard Digital Forensics Master's Curriculum]
+
$ crypt xx hellohel
 +
xxiHMKqoMTDuc
 +
 
 +
jim@localhost ~
 +
$ crypt xx hellohello
 +
xxiHMKqoMTDuc
 +
</pre>
 +
 
 +
===Salts===
 +
Unix passwords usually use what is know as a salt to help make pre-computation of password hashes more difficult.
 +
 
 +
 
 +
===MD5/SHA1===
 +
 
 +
NIS
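Review bot: in the first paragraph added under "Unix/Linux Password File", the second sentence names the file "/etc/password" while the first sentence uses /etc/passwd; both should read /etc/passwd. The added text also needs a proofread ("many year", "severly", "any trailing character as ignored", and "know as" under Salts). The first example runs "crypt hello" with no salt argument while the later examples run "crypt xx ...", and the text does not say where the "S8" prefix of the first result comes from; a sentence under Salts explaining that would close the gap. The Salts section stops after one sentence and the MD5/SHA1 and NIS headings are added with no body text.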

Revision as of 05:58, 19 June 2008

Unix/Linux Password File

Unix and its various clones have traditionally used the /etc/passwd file to store user account information, including passwords. Because the /etc/passwd file needs to be world-readable in order for utilities such as `ls` and `finger` to work, modern Unix operating systems store the encrypted passwords in a 'shadow' file named /etc/shadow.

Username: The user's username
Password: Older Unixes store the password crypt here; more modern ones use an 'x' character to denote that a shadow file is in use.
UID: The numeric user ID of the user
GID: The primary numeric group ID of the user
GECOS Field: A text field which may contain information about the user, such as name and contact details
Home directory: The user's home directory
Shell: The user's Unix shell

user1:x:600:600:User 1:/home/user1:/bin/bash
user2:x:601:601:User 2:/home/user2:/bin/bash
admin:x:602:602:Admin Account:/home/admin:/bin/bash
apache:x:603:603:Apache HTTP User:/var/www:/bin/bash
someguy:x:604:604:Someguy:/home/someguy:/bin/bash
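
The field layout above, as an added example that is not part of the original page: a small parser that splits passwd lines into the seven fields and reports whether each password field points to the shadow file or still holds a crypt. The function names, status labels and the two extra entries (`legacy`, `nopass`) are constructed for illustration.

```python
import re
from collections import namedtuple

# Field order matches the seven fields described above.
PasswdEntry = namedtuple(
    "PasswdEntry", "username password uid gid gecos home shell")

# A traditional crypt() value: 13 characters from the set ./0-9A-Za-z
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def parse_passwd(text):
    """Yield one PasswdEntry per line; raise on a malformed line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        yield PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell)

def password_status(entry):
    """Say what the password field of one entry holds."""
    if entry.password == "x":
        return "shadowed"            # hash lives in /etc/shadow
    if entry.password == "":
        return "empty"               # nothing stored in the field
    if DES_CRYPT.fullmatch(entry.password):
        return "crypt-in-passwd"     # hash readable by every local user
    return "other"

def triage(text):
    """Map each username to the status of its password field."""
    return {e.username: password_status(e) for e in parse_passwd(text)}

# The page's five sample lines plus two constructed entries (legacy, nopass).
SAMPLE = """\
user1:x:600:600:User 1:/home/user1:/bin/bash
user2:x:601:601:User 2:/home/user2:/bin/bash
admin:x:602:602:Admin Account:/home/admin:/bin/bash
apache:x:603:603:Apache HTTP User:/var/www:/bin/bash
someguy:x:604:604:Someguy:/home/someguy:/bin/bash
legacy:xxiHMKqoMTDuc:605:605:Constructed entry:/home/legacy:/bin/sh
nopass::606:606:Constructed entry:/home/nopass:/bin/sh
"""

if __name__ == "__main__":
    for user, status in triage(SAMPLE).items():
        print(f"{user:8} {status}")
```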

The password is stored as a one-way hash of the original password. When a user attempts to authenticate, the password supplied is hashed using the same algorithm and compared to the stored password crypt.

Unix Crypt

The most commonly used password encryption in Unix for many years was crypt(). The Unix crypt command can be used to generate the Unix crypt value for a given string.

jim@localhost ~
$ crypt hello
S84xRArsM.gtk

In modern computing Unix crypt is severely limited. Passwords are restricted to 8 characters, and any trailing characters are ignored. This puts brute force attacks on Unix crypts well within the realms of possibility.

jim@localhost ~
$ crypt xx hellohel
xxiHMKqoMTDuc

jim@localhost ~
$ crypt xx hellohello
xxiHMKqoMTDuc

Salts

Unix passwords usually use what is known as a salt to help make pre-computation of password hashes more difficult.
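
The truncation shown under Unix Crypt and the salt prefix described here, as an added example that is not part of the original page: it splits a 13-character crypt value into its two-character salt and hash, and derives the 8 key bytes that traditional DES-based crypt() takes from a password (first eight characters, low seven bits of each). The function names are illustrative; the code does not compute the crypt itself.

```python
# Characters used in crypt strings, in value order 0..63.
CRYPT_ALPHABET = ("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                  "abcdefghijklmnopqrstuvwxyz")

def split_crypt(value):
    """Split a traditional 13-character crypt value into (salt, hash)."""
    if len(value) != 13 or any(c not in CRYPT_ALPHABET for c in value):
        raise ValueError("not a traditional 13-character crypt value")
    return value[:2], value[2:]

def salt_number(salt):
    """The 12-bit number (0..4095) encoded by a two-character salt."""
    low = CRYPT_ALPHABET.index(salt[0])
    high = CRYPT_ALPHABET.index(salt[1])
    return low | (high << 6)

def effective_key(password):
    """Key bytes traditional crypt() derives from a password.

    Only the first 8 bytes are used, NUL-padded if shorter, and each is
    shifted left one bit, which discards its top bit.
    """
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b << 1) & 0xFF for b in raw)

def ignored_suffix(password):
    """The bytes of a password that never reach the hash."""
    return password.encode("utf-8")[8:]

if __name__ == "__main__":
    # Values taken from the terminal sessions on this page.
    for value in ("S84xRArsM.gtk", "xxiHMKqoMTDuc"):
        salt, digest = split_crypt(value)
        print(f"{value}: salt={salt!r} ({salt_number(salt)} of 4096) hash={digest!r}")
    for pw in ("hellohel", "hellohello"):
        print(f"{pw!r}: key={effective_key(pw).hex()} ignored={ignored_suffix(pw)!r}")
```

Because `hellohel` and `hellohello` yield the same key bytes, the same salt gives the same crypt, which is what the two `crypt xx` runs above show.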


MD5/SHA1

NIS