|
|
| Author |
Message |
| 25 new of 222 responses total. |
spooked
|
|
response 138 of 222:
| 
Jun 8 00:41 UTC 2000 |
I was wondering, I had a suspicion they were, but not sure. Marcus? (:
|
scg
|
|
response 139 of 222:
|
Jun 8 00:49 UTC 2000 |
My impression is that by default most but not all Unix systems use the same
hashing algorythm. There's a good standardization argument for that, since
it allows password files to be moved between systems, but I suspect it has
more to do with people creating new Unix systems tending to reuse stuff from
older systems.
However, there is nothing stopping somebody from writing their own crypt()
function. Some systems are different from others, by default. Grex has its
own password encryption function that Marcus wrote, in order to be less useful
to somebody trying to run crack on stuff here.
|
spooked
|
|
response 140 of 222:
|
Jun 8 00:51 UTC 2000 |
Yep, thanks Steve. Like I thought.
|
janc
|
|
response 141 of 222:
|
Jun 8 03:43 UTC 2000 |
Most Unix systems use crypt, which is derived from DES. Most systems
don't meddle with it, because creating good encryption algorithms is a
very subtle and sophisticated art. In many, many cases if you try to
make "improvements" you may be weakening it instead. So most people are
well advised not to fiddle with these things.
Grex has been through no less than three password encryption algorithms.
The original one was the standard Unix one, which takes the first eight
characters of your password, and converts them into a 14 character
gobbilty gook string (of which only 12 characters really count).
When we switched over to the shadow password system, we also started
using the "encrypt" password encryption algorithm that came with that.
This wanted to use more than eight characters of your password, so it
encrypted the first eight, and then the second eight with the old crypt
algorithm, giving two 12 character strings, and stored them both.
That's better, right? Wrong. In practice, if people's password is
longer than eight characters, it is usually only a few characters long.
So the second crypt is usually an encryption of strings only a few
characters long - hence easy to crack. Knowing the last few letters of
someone's password actually makes guessing the first eight easier. So
the net effect of this "improved" algorithm is that it is weaker than
the original.
Marcus replaced that with his own algorithm, which also uses more than
the first eight letters, but does it much more intelligently. It's
based on a well-established encryption algorithm called SHA.
If you want to know everything there is to know about how Grex encrypts
and stores passwords, see
http://www.cyberspace.org/staffnote/passwd.html
I've seen some talk about Linux systems using MD5 password encryption,
and various other Unix versions have used various other password
encryption techniques.
|
mdw
|
|
response 142 of 222:
|
Jun 8 03:47 UTC 2000 |
For a long time, the "standard" unix crypt() function used a version of
DES that had been hacked by the bell labs folks to randomly permute the
S table 4096 different ways (using a 12-bit value randomly generated and
stored as the first two characters of the hashed password). Many years
after the initial algorithm, after some of the properties of DES were
better understood, it was found that scrambling the S box the way bell
labs had done it actually weakened DES, but I don't think anyone ever
came up with a serious attack on crypt() based on this. More serious
problems (in practice) included the fact that since crypt() used des,
the US gov't claimed jurisdiction based on ITAR, which complicated
distribution. This wasn't a problem for binary-only distributions of
Unix though since crypt() is only used for authentication not encryption
and there are special loopholes in ITAR for authentication-only systems.
This was an issue for linux and 386bsd however. Other problems included
the inherent weakness of DES (against today's greatly enhanced CPU
power, which renders DES vulnerable to brute-force attacks), and the
widespread deployment of "crack", which made des-based crypt Unix
password files the stuff of dreams for vandals. Since there are "only"
4096 different salts, "crack" could be optimized for attack against
large password files. An additional weakness of crypt() is that it only
uses 56 bits of key information from the user password - meaning it only
works with passwords of up to 8 characters in length. Indeed,
getpass(), which is the "standard" unix function to get a password, also
has this 8 character limit wired in.
Modern versions of bsd, and very probably some versions of linux by now,
support a number of other hash algorithms in addition to the standard
des based crypt - these additional algorithms often include a larger
salt (making it harder to optimize crack), use of stronger cryptographic
functions such as md5, sha-1, or blowfish, and support for passwords of
more than 8 characters.
The hash algorithm we use here on grex differs from bsd, because the bsd
functions use the same keyspace on every machine and because they
weren't obviously adaptable for use with kerberos. The grex function
was designed to faciliate its use with kerberos in the future, so when
we migrate to that, we should be able to just dump the current shadow
file into kerberos and and not require that people change their
password.
|
keesan
|
|
response 143 of 222:
|
Jun 9 00:54 UTC 2000 |
I had no trouble getting grex to accept a password from a language that has
dictionaries (in transcription) and another account accepted a password from
another language that uses the Latin alphabet. I don't see why grex should
scan every language of Europe into its password computer. Grex might,
however, want to prevent people from using passwords with an obvious relation
to logins. Is there some program to prevent this?
It is taking much longer than usual for the login script to appear when I dial
in, or maybe it only seems that way because there is no wait message.
|
jmsaul
|
|
response 144 of 222:
|
Jun 9 01:49 UTC 2000 |
There are a number of potential bad passwords that it's very hard to scan for.
Words in languages other than English are a problem, because it's difficult
to put every language in the world into your scanning program, but you never
know what some script kiddie will come up with a handy Basque dictionary or
something. Other bad passwords are only bad for a specific user -- words
related to their loginid, names of pets, words with significance obvious to
anyone who reads the person's web page, etc. -- and they're pretty much
impossible to check for. That's why some password programs insist on numeric
characters and/or characters that aren't alpha-numeric: it cuts down on the
worst possibilities.
|
mdw
|
|
response 145 of 222:
|
Jun 9 02:08 UTC 2000 |
passwd does check for passwords that bear an "obvious" relationship to
the loginid. When I was collecting word lists out on the web, I didn't
succeed in finding a word list for every european language, nor every
language that can be transcribed using the latin alphabet. I do see in
checking that I actually do have a much better word list that somehow
never made it onto grex. Perhaps I'll do so in due course (my best
collection of words does include japanese & some swahili, among other
things.)
|
gull
|
|
response 146 of 222:
|
Jun 9 04:36 UTC 2000 |
I was going to change my password on a RedHat system, but got frustrated and
ended up leaving it. The reason is that it kept insisting my new passworld
was "too similar to the old one." They had practically nothing in common
that I could see, except for both using a capital letter as their first
character. Bah. :P I have better things to do than play "guess what I want
you to do" with a program that wants to pretend to be smarter than it is.
Grex's passwd program is quite tolerable by comparison.
|
bdh3
|
|
response 147 of 222:
|
Jun 9 04:55 UTC 2000 |
Any password that is a 'word' as spelled in a dictionary
in any language is a bad password as crack can be used
to crack it. Years ago when I ran against a large unix
password file it cracked about 25% with just an english
dictionary. When I added spanish, french, german, russian,
and a 'jargon/technical' dictionary the crack rate was close
to doubled.
|
steve
|
|
response 148 of 222:
|
Jun 9 05:51 UTC 2000 |
I believe that. Recently I have seen dictionary files for
most (and I do mean most) of the languages in Africa, eastern
european languages, and some native american. No password that
is a word in any language is safe. Not any more.
|
bdh3
|
|
response 149 of 222:
|
Jun 9 09:52 UTC 2000 |
(perhaps a separate item discussing the pitfalls of
any password that is a 'word'?)
|
tpryan
|
|
response 150 of 222:
|
Jun 9 11:26 UTC 2000 |
Why would machines allow hundreds of attempts on an account
without shutting down the connection? Anything beyond 5 attempts is
reason to disconnect.
|
keesan
|
|
response 151 of 222:
|
Jun 9 14:46 UTC 2000 |
Grex accepted a common Bulgarian word (in BGN transcription). I have not
tried it yet on Albanian or Latvian or Finnish or even Romanian. How long
would it take someone to find my password if they were told it was in a
language of Europe, even one that does not need to be transliterated?
English, German, Dutch, Swedish, Norwegian, Danish, Icelandic, French, Basque,
Romansh (sp?), Portuguese, Spanish, Italian, Romanian, ten Slavic languages,
Finnish, Hungarian, Latvian, Lithuanian, Latin, modern and ancient Greek,
Albanian, Turkish, Welsh, Scots Gaelic, Irish Gaelic - and let's not forget
every possible verbal ending (I used a verb with an ending in some other
account) and plurals and adjective endings. Grex does accept combinations
of English words with numbers. Like tpryan says, if you only give someone
5 guesses, there is no need to worry about other languages.
|
krj
|
|
response 152 of 222:
|
Jun 9 15:33 UTC 2000 |
In a sophisticated attack, the encrypted password file would be taken
off of Grex so the thief could play with it as long as he wanted.
|
jmsaul
|
|
response 153 of 222:
|
Jun 9 16:09 UTC 2000 |
WHat he said. If you care about the security of your account, do not use
words in other languages.
|
keesan
|
|
response 154 of 222:
|
Jun 9 17:33 UTC 2000 |
So why would anyone want to waste time feeding every dictionary in the library
into their scanner so as to be able to read my email? After that, theywould
need several dictionaries to read the email (and grammar books).
|
jmsaul
|
|
response 155 of 222:
|
Jun 9 17:39 UTC 2000 |
They don't necessarily care about you personally. They may just want an
account to work from so some other sucker gets the blame for what they're
doing. They'd use other dictionaries simply because more dictionaries will
bag them more passwords.
As for whether they could read your email if they wanted to, keep in mind that
the US does not have a monopoly on computer access or skills. The intruder
who hits you might be a native speaker of whatever language your email is in.
There are a heck of a lot of Russian script-kiddies out there, and there are
even some working out of other slavic-speaking countries as well.
|
drew
|
|
response 156 of 222:
|
Jun 9 19:11 UTC 2000 |
'sides which, they'd already have the dictionaries they need - they used them
in the crack program.
|
omni
|
|
response 157 of 222:
|
Jun 9 19:31 UTC 2000 |
re 154 There are things called scanners which can enter dictionaries without
too much effort.
|
keesan
|
|
response 158 of 222:
|
Jun 9 19:36 UTC 2000 |
Re 157, I mentioned scanners in 154. :]
For what it is worth, i am not currently using a Bulgarian password.
|
mdw
|
|
response 159 of 222:
|
Jun 9 23:57 UTC 2000 |
Most vandals would not care about keesan in particular. They would
merely be trying the largest collection of words they can acquire
against what they hope are the hashed passwords from grex. If they
acquire the password to a real account, they hope to be able to log in,
read through your e-mail to see where else you might have an account, or
who your friends are, and they may then try to leverage your access to
also gain access themselves to that machine. This is, in fact, how
gryps was initially compromised - a site elsewhere was compromised, a
grex staff member happened to have access at that site, and the vandal
discovered the grex staff person's password was the same on gryps.
Obviously, this is now fixed, but this is a good illustration of the
line of attack many vandals pursue.
|
keesan
|
|
response 160 of 222:
|
Jun 10 01:23 UTC 2000 |
Does this mean we should not use the same passwords on grex and elsewhere?
(How does one keep straight all ones passwords if they are different?)
|
mdw
|
|
response 161 of 222:
|
Jun 10 02:13 UTC 2000 |
(1) yes. (2) don't use a system that would be obvious to a vandal. Ie,
"this is my grex password" would probably pass the grex password test,
but a vandal might well guess that your nether.net password is something
along the lines of "this is my nether.net password".
|
void
|
|
response 162 of 222:
|
Jun 10 02:39 UTC 2000 |
one way to keep track of passwords is to make them out of phrases
which are meaningful to you, but which others, especially complete
strangers, are not likely to guess. for instance, if your great-aunt
from poughkeepsie always called you her little pink snickerdoodle, or
something equally silly, you could easily turn that into a password
along the lines of "ltpnksnrdl," assuming a system allowed passwords
that long. you'd also have a built-in mnemonic for remembering the
password. or, if for some reason you had managed to strongly associate
grex with, say, fast-food restaurants, you could turn "would you like
fries with that?" into "wylfwt?" and have another sort of built-in
mnemonic for remembering the password.
|
