Educause Security Discussion mailing list archives
Re: Password cracking benchmarks
From: Alan Amesbury <amesbury () OITSEC UMN EDU>
Date: Fri, 11 Nov 2005 17:23:52 -0600
Kevin Shalla wrote:
Don't dictionary and brute force attacks rely on having access to the password file?
Short answer: No. I'll expand on this below.
Aren't password files protected from theft?
Most modern systems are supposed to prevent unprivileged users from gaining access to password hashes. However, these are still obtainable through exploits, or through legacy tools with inadequate security designs (NIS being a big one). Also, if someone has uncontrolled physical access to your hardware, the safe assumption is that they have access to every file on your system (including any files containing password hashes).
Aren't login sessions encrypted between PC and server?
I know that there are attacks that work against PPTP (a MSFT protocol) and that have gotten more feasible as processing power has gotten cheaper. However, I've little enough direct experience that I can't comment on it. Assuming you're not blindly accepting SSH host keys when you connect to remote systems, SSHv2 is a fairly safe protocol. SSHv1 has some known problems, although it's been a while since I've looked at the difficulty in exploiting them. (Systems under my control all have SSHv1 compatibility disabled anyway, since it's generally unneeded.)
Are we talking about hacking by system administrators? If it's just trying passwords, don't lockout strategies keep them out?
Anyone can attempt a brute-force attack. The ones that I expect most people on this list have encountered lately are the ongoing attacks against systems running SSHd. These are, simply put, dictionary attacks. You've a good point regarding automated lockouts; such defenses would certainly help mitigate these attacks. However, many stock Unix systems appear to lack them. An attacker doesn't necessarily need privileged access to conduct an attack. All that's needed is an interface that can accept authentication credentials and respond whether they're valid or not. However, it's usually much, much faster to conduct an attack against a list of account/hash pairs, as a) much software has been written and heavily optimized to do exactly that, and b) it's nearly impossible for the victim to detect such an attack (unless the attacker is running the cracking software on the victim's own hardware). I rewrote my initial e-mail in preparation for sending it out internally, as it seems that such a detailed discussion hasn't amongst U of MN administrators for at least several years (possibly since I last dug into this). While rewriting it, I expanded a bit on the SSH attacks. BRUTE-FORCE ATTACKS OVER SSH ---------------------------- Brute-force attacks against SSH are timed very much the same way. The difference is that the rate at which you can test values is significantly lower than most password hashing algorithms. The password cracking rate is effectively whatever rate at which an attacker can connect and try candidate passwords. I think ten connections per second is relatively high, but let's say the host being attacked lets an attacker connect 100 times/second. Over eight hours, an attacker could only try 2,880,000 possible passwords, which is a pretty small dictionary. However, this is just for a single account. Most attacks target multiple accounts, too, which effectively cuts the rate at which an attack can occur, e.g., testing passwords for ten accounts in the same number of connections will reduce your available dictionary search space by a factor of ten. For the sake of argument, let's say that an eight hour attack as described above targets these accounts on the victim host: root, httpd, operator, admin, administrator. This means the attacker will try 576,000 possible passwords per account in the time allotted, which is a pitifully small number of guesses in a brute-force attack. To defeat such an attack (and assuming, for some reason, that remote root logins are *needed*), all the system administrator needs to do is to make sure the passwords for such accounts are sufficiently unlikely to appear on such a short list. In short, if you (or your users) are choosing strong passwords that are likely to survive dictionary attacks in general, then SSH attacks like we've been seeing will probably be a minor annoyance at most. -- Alan Amesbury University of Minnesota
Current thread:
- Password cracking benchmarks Alan Amesbury (Nov 10)
- <Possible follow-ups>
- Re: Password cracking benchmarks Russell Fulton (Nov 10)
- Re: Password cracking benchmarks Chris Green (Nov 11)
- Re: Password cracking benchmarks Kevin Shalla (Nov 11)
- Re: Password cracking benchmarks Alan Amesbury (Nov 11)
- Re: Password cracking benchmarks Alan Amesbury (Nov 15)
- Re: Password cracking benchmarks Leigh Cheek (Nov 15)
- Re: Password cracking benchmarks Hull, Dave (Nov 15)
- Re: Password cracking benchmarks Alan Amesbury (Nov 15)