Security Basics mailing list archives

Re: password cracking: one char at a time.

From: Gilbert Fernandes <gilbert.fernandes () spamcop net>
Date: Sat, 26 Nov 2005 15:01:38 +0100

What are salt bits?


Note: when asking a question, please only quote the useful and
interesting parts. Quoting a full message just to ask one question
about a subset of the message is not advised by the rules of
Netiquette (Google will tell you more about this).

The salt bits where added to the password before using DES.
The old Unices did use DES and the crypt() function and
salt bits were added to avoid two identical passwords from
two users to appear the same once encrypted.

http://www.unix.org.ua/orelly/networking/puis/ch08_06.htm

Here is an excerp about salt :

----8>----8>----8>----8>----8>----8>----8>----8>----8>

8.6.2 What Is Salt?

As table salt adds zest to popcorn, the salt that Morris and Thompson
sprinkled into the DES algorithm added a little more spice and variety.
The DES salt is a 12-bit number, between 0 and 4095, which slightly
changes the result of the DES function. Each of the 4096 different
salts makes a password encrypt a different way.

When you change your password, the /bin/passwd program selects a salt
based on the time of day. The salt is converted into a two-character
string and is stored in the /etc/passwd file along with the encrypted
"password."[10] In this manner, when you type your password at login
time, the same salt is used again. UNIX stores the salt as the first
two characters of the encrypted password.

[10] By now, you know that what is stored in the /etc/passwd file is not
really the encrypted password. However, everyone calls it that, and we
will do the same from here on. Otherwise, we'll need to keep typing
"the superencrypted block of zeros that is used to verify the user's
password" everywhere in the book, filling many extra pages and
contributing to the premature demise of yet more trees.

Table 8.2 shows how a few different words encrypt with different salts.
Table 8.2: Passwords and Salts

Password  Salt  Encrypted Password
nutmeg    Mi    MiqkFWCm1fNJI
ellen1    ri    ri79KNd7V6.Sk
Sharon    ./    ./2aN7ysff3qM
norahs    am    amfIADT2iqjAf
norahs    7a    7azfT5tIdyh0I

Notice that the last password, norahs, was encrypted two different ways
with two different salts.

Having a salt means that the same password can encrypt in 4096 different
ways. This makes it much harder for an attacker to build a reverse
dictionary for translated encrypted passwords back into their
unencrypted form: to build a reverse dictionary of 100,000 words, an
attacker would need to have 409,600,000 entries. As a side effect, the
salt makes it possible for a user to have the same password on a number
of different computers and to keep this fact a secret (usually), even
from somebody who has access to the /etc/passwd files on all of those
computers; two systems would not likely assign the same salt to the
user, thus ensuring that the encrypted password field is different.[11]

[11] This case occurs only when the user actually types in his or her
password on the second computer. Unfortunately, in practice system
administrators commonly cut and paste /etc/passwd entries from one
computer to another when they build accounts for users on new
computers. As a result, others can easily tell when a user has the same
password on more than one system.

8.6.3 What the Salt Doesn't Do

Unfortunately, salt is not a cure-all. Although it makes the attacker's
job of building a database of all encrypted passwords more difficult,
it doesn't increase the amount of time required to search for a single
user's password.

Another problem with the salt is that it is limited, by design, to one
of 4096 different possibilities. In the 20 years since passwords have
been salted, computers have become faster, hard disks have become
bigger, and you can now put 4, 10, or even 20 gigabytes of information
onto a single tape drive. As a result, password files have become once
again a point of vulnerability, and UNIX vendors are increasingly
turning to shadow password files and other techniques to fight
password-guessing attacks. Yet another problem is that the salt is
selected based on the time of day, which makes some salts more likely
than others.

----8>----8>----8>----8>----8>----8>----8>----8>----8>

Why didn't you use Google to look about Unix's salt ?

Modern unices don't use the DES anymore. Very strong and high
quality ciphers are used, like OpenBSD's Blowfish adoption years
ago.

--
unzip ; strip ; touch ; grep ; finger ; mount ; fsck ; more ; yes ;
fsck ; umount ; sleep

Current thread:

Re: password cracking: one char at a time., (continued)
- Re: password cracking: one char at a time. Gilbert Fernandes (Nov 22)
  - Password Cracker tools Louie (Nov 23)
    - Re: Password Cracker tools Saqib Ali (Nov 24)
    - Re: Password Cracker tools Jason Thompson (Nov 24)
    - Re: Password Cracker tools nodecapatal (Nov 24)
    - RE: Password Cracker tools Aditya Deshmukh (Nov 24)
    - Re: Password Cracker tools Bhavatosh (Nov 24)
  - Re: password cracking: one char at a time. michael young (Nov 23)
    - Re: password cracking: one char at a time. Saqib Ali (Nov 23)
    - RE: password cracking: one char at a time. Aditya Deshmukh (Nov 24)
    - Re: password cracking: one char at a time. Gilbert Fernandes (Nov 28)
- Re: password cracking: one char at a time. Ippatsu Man (Nov 22)
- Re: password cracking: one char at a time. Chris Largret (Nov 22)
- Re: password cracking: one char at a time. cg (Nov 22)
- Re: password cracking: one char at a time. michael young (Nov 24)
  - RE: password cracking: one char at a time. Clement Dupuis (Nov 24)