The Unix/BSD/Linux password mechanism

2007-01-19T00:00:00
ID MYHACK58:62200713849
Type myhack58
Reporter Anonymous
Modified 2007-01-19T00:00:00

Description

Freebird <freebird@cnfug.org>

  1. Overview

Early UNIX systems stored user passwords in a plain-text, readable "password file", which could be intercepted and exposed without the system administrator noticing, or leaked by accident. Starting with AT&T UNIX Version 6, Thompson and others decided to adopt a different approach: UNIX passwords were encoded with a rotor-based algorithm modeled on the US military M-209 cipher machine. This fast algorithm proved to be weak against exhaustive plaintext search and was replaced by the more advanced crypt() library that appeared in AT&T UNIX Version 7. Today Unix/Linux passwords are stored on the machine in a non-readable form. The system uses a cryptographic hash algorithm to convert the password into a text string, called the hash or hash value. Various algorithms may be used, but all of them are irreversible: the original password cannot be recovered from the hash value. The password file and the encryption algorithm may differ from system to system. Managing and maintaining these password files is a top priority for system security. (Unless stated otherwise, all commands in this article are run as root under csh.)

  2. Encryption algorithm description

2.1 Introduction to crypt(): key and salt

Unix/Linux systems offer a variety of hash algorithms. The library function crypt() invokes the algorithms that the system supports. crypt() takes two parameters, key and salt, and returns the corresponding hash value. The salt is just a simple string whose length depends on the algorithm used; different hash algorithms allow different ranges of values. So even with the same algorithm, the same original password hashed with a different salt gives a different encrypted password. The purpose of the salt is to make password cracking harder; when the passwd command is used to change a password, it picks a random salt. The salt makes attacks that use a precompiled dictionary of encrypted passwords more difficult. Instead of encrypting each dictionary word once, the attacker now has to encrypt and store 4096 permutations of each word. Twenty years ago the salt was introduced as a resource barrier of this kind, but today a 12-bit salt is no longer considered an effective defense. crypt() can be called directly from a C program, and even directly from perl (see man 3 crypt for details), as in the following examples:

% perl -e 'print crypt("mypass","s1"),"\n"'
s1tROevFyi.yQ

% perl -e 'print crypt("mypass","s2"),"\n"'
s2JQ85JElCMeU

The two examples above use s1 and s2 respectively as the salt. As you can see, the same password (mypass in this example) gives a different hash value with a different salt. Both examples use the DES algorithm, and the salt value appears as the prefix of the resulting hash value.

2.2 The DES algorithm

DES was developed by the U.S. government and IBM. All Linux versions and almost all Unix systems support DES. DES is actually an encryption algorithm, but crypt(3) uses it as a hash algorithm. The ordinary DES algorithm allows an original password of up to 8 characters; longer passwords are accepted, but the excess is silently discarded. Some systems (such as HP-UX) solve this problem by using multiple iterations of DES, so that passwords of any length can be used. A DES-encrypted password is 13 characters long.

2.3 The MD5 algorithm

MD5 is a true hash algorithm. It allows passwords of unlimited length. Its salt space is also much larger than that of the DES algorithm, so the chance that two passwords end up the same is smaller. It is also reached through the crypt(3) function. The salt used with the MD5 algorithm must begin with $1$ and end with $, and the salt length is 8 characters. For example, to hash mypass with abcdef as the salt:

% perl -e 'print crypt("mypass","\$1\$abcdef\$"),"\n"'
$1$abcdef$nRHvewzGzJoYskdQAIEQr

Note: in the example above, "\n" is an escape character. The salt value is $1$abcdef$, the original password is mypass, and the hash value is $1$abcdef$nRHvewzGzJoYskdQAIEQr. A hash value produced by the MD5 algorithm is 31 characters long and always begins with $1$.

2.4 Other algorithms

BSDI-style DES and Blowfish are also widely used; they are discussed later in this article.

2.5 Encryption mechanisms used by BSD

Variants of DES were for a long time the main algorithm for UNIX password encryption, but other algorithms can replace DES. Modern BSD systems provide examples of such algorithms in use. FreeBSD uses MD5 as its default encryption mechanism, because MD5 has no export restrictions and is also more secure than DES. DES is still available, but it exists solely for backward compatibility with the passwords used by other UNIX systems. A system that uses DES can also recognize MD5, because the MD5 hash is also used there.

OpenBSD goes further. Its development team is in Canada, so it is not subject to United States export restrictions. OpenBSD can be configured to use the traditional UNIX crypt(), "extended crypt", MD5 or Blowfish. MD5 was developed by Ronald L. Rivest and is described in RFC 1321. On FreeBSD and OpenBSD, a password entry generated by the MD5-based crypt() contains the version number, the salt and the hash of the password, separated from each other by a "$" symbol. An MD5 password looks like this:

$1$caeiHQwX$hsKqOjrFRRN6K32OWKCBf1

Here, "$1" indicates MD5 and "caeiHQwX" is the salt.

Blowfish, developed by Bruce Schneier in 1993, is a fast, compact, simple and free alternative to DES. Although Schneier considers Blowfish unsuitable for generating one-way hashes, OpenBSD uses it for this purpose. The Blowfish version of crypt() uses a 128-bit salt, enough to discourage the most determined attacker: precompiling a dictionary for all possible salt values would be very expensive. The maximum password length is 72 characters. The Blowfish algorithm is initialized with a fixed string made up of the hexadecimal digits of pi. The initialized Blowfish state is then expanded with the salt and the password, and this process is repeated a certain number of times; that number is encoded in the password entry string. The final Blowfish password entry is obtained by using the Blowfish state to encrypt the string "OrpheanBeholderScryDoubt" 64 times. The encrypted password entry consists of the Blowfish version number, the number of repetitions of the algorithm, and the salt joined with the hash of the password, each separated by a "$" character. A code of "8" declares 256 rounds. A valid Blowfish password looks like this:

$2a$12$eIAq8PR8sIUnJlHaohxX209x9O1m2vk97lj5dsxdmb.eXF42qjchC

In this example, the initial expansion is repeated 4096 times. Given the very large number of repetitions and the password length, a Blowfish-encrypted password is harder to attack than one encrypted with the traditional DES-based mechanisms. Given the additional security these improved algorithms provide, it is only a matter of time before they are adopted in other UNIX systems.

2.6 How to tell which encryption algorithm your system uses

There are many ways to do this; I will simply list a few:

Method (1): check which library files the libcrypt[._]* links in /usr/lib point to; this tells you which encryption algorithm your system uses for passwords. If they link to the libscrypt library, MD5 is in use; if they link to libdescrypt, it is DES. The procedure is as follows:

% cd /usr/lib
% ls -l libcrypt[._]*
lrwxr-xr-x 1 root wheel 11 Jun 9 06:18 /usr/lib/libcrypt.a@ -> libscrypt.a
lrwxr-xr-x 1 root wheel 12 Jun 9 06:19 /usr/lib/libcrypt.so@ -> libscrypt.so
lrwxr-xr-x 1 root wheel 14 Jun 9 06:21 /usr/lib/libcrypt.so.2@ -> libscrypt.so.2
lrwxr-xr-x 1 root wheel 13 Jun 9 06:22 /usr/lib/libcrypt_p.a@ -> libscrypt_p.a
%

Note: starting with FreeBSD 4.4, the encryption algorithm is controlled entirely by login.conf, and the default is already set to MD5. If you want DES, simply change md5 to des in the :password_format entry. How to make such changes take effect is described in detail later in this article.

Addendum: we strongly recommend that users use the MD5 library instead of DES wherever possible. It is often also necessary to convert the DES library of a system that was installed with the DES encryption algorithm into the MD5 library. This is very simple: remove the libcrypt[._]* links and re-link them to the corresponding MD5 libraries. That is, replace des with s:

Links            DES                 MD5
-----            ---                 ---
libcrypt.a       libdescrypt.a       libscrypt.a
libcrypt.so      libdescrypt.so      libscrypt.so
libcrypt.so.2    libdescrypt.so.2    libscrypt.so.2
libcrypt_p.a     libdescrypt_p.a     libscrypt_p.a

Method (2): look at the password_format entry in /etc/login.conf. Its value is md5, des or blf, corresponding to MD5, DES and Blowfish respectively.

Method (3): inspect the password file /etc/passwd or /etc/shadow (the corresponding file under BSD is /etc/master.passwd); the form of the password reveals the encryption algorithm in use. For example, a password beginning with $1$ is MD5, and one beginning with $2$ is Blowfish. DES has no obvious marker, but its password field is relatively short and consists of letters, without characters such as $, so it is very easy to identify.

  3. The password file

3.1 Overview

As you probably know, Unix has an /etc/passwd file that stores user passwords, but its role differs between the various Unix, Linux and BSD systems. Some Unix systems and Linux also use a shadow file, while FreeBSD uses the corresponding /etc/master.passwd file. These files are described in detail below.

3.2 The /etc/passwd file

Traditional Unix uses this file to store user passwords. The file holds the passwords in encrypted form. A password must be generated with the passwd command (or, if you are using NIS, with ypasswd) or copied over from another account. Each entry in the passwd file looks like this:

name:coded-passwd:UID:GID:user-info:home-directory:shell

The 7 fields are separated from each other by colons. Spaces are not allowed, except in the user-info field. The meaning of each field is summarized below:

① name: the user name assigned to the user. This is not private information.
② coded-passwd: the encrypted user password. If a system administrator needs to prevent a user from logging in, the field is often replaced with an asterisk (:*:). This field is normally not edited by hand; users should change their password with the passwd command. Note that many recent UNIX products rely on "shadow passwords" and do not keep the password in /etc/passwd.
③ UID: the user's unique identification number. By convention, UIDs below 100 are reserved for system accounts.
④ GID: the user's primary group. It usually determines the group ownership of the files the user creates. In Red Hat Linux, each user account is assigned a unique group by default.
⑤ user-info: by convention this holds the user's full name. Mail systems and tools such as finger customarily use the information in this field. It is also called the GECOS field.
⑥ home-directory: the user's home directory, which is the initial working directory after login.
⑦ shell: the path of the command interpreter that is run after the user logs in. Several shells are popular, including the Bourne Shell (/bin/sh), C Shell (/bin/csh), Korn Shell (/bin/ksh) and Bash Shell (/bin/bash). Note that assigning the value /bin/false to this field prevents the user from logging in.

Note: when you create a new account by editing the /etc/passwd file, put a "*" in the password field until you have set a real password for the new account, so that nobody can use the account without authorization. The same applies to pseudo-users such as daemon.

3.2 The /etc/shadow file

Traditionally, the /etc/passwd file is readable by everyone, because many programs need it to convert UIDs to user names. For example, without access to /etc/passwd, the ls -l command would display numeric UIDs instead of user names. Unfortunately, now that password-guessing programs are available, a readable /etc/passwd file that contains encrypted passwords is a huge security risk. Most recent UNIX products support a workaround: the shadow password file. A shadow password system splits the password file into two parts: /etc/passwd and the shadow password file. The shadow password file holds the encrypted passwords; the coded-password field in /etc/passwd is set to "X" or another placeholder. The shadow password file can be read only by root, or by set_uid programs such as passwd when they have a legitimate need; all other, unauthorized users are denied access. Traditionally the shadow password file is kept in /etc/shadow, although some systems use a different path and file name. For example, BSD systems store the encrypted passwords in /etc/master.passwd.

/etc/shadow analysis

The /etc/shadow file contains the user name and the encrypted password, plus the following fields:

(1) The date the password was last changed, expressed as the number of days since January 1, 1970.
(2) The minimum number of days between two password changes. The number of days after which the password must be changed.
(3) The number of days before the password must be changed that a warning is issued to the user.
(4) The number of days after the password expires until the account is disabled.
(5) The date the account is disabled, as the number of days since January 1, 1970.
(6) A reserved field.

Below is an example of the /etc/shadow file on a Red Hat Linux system:

root:mGqwuvdF41bc:10612:0:99999:7:::
bin::10612:0:99999:7:::
daemon:10612:0:99999:7:::
adm::10612:0:99999:7:::
lp:10612:0:99999:7:::
sync::10612:0:99999:7:::
shutdown::10612:0:99999:7:::
halt::10612:0:99999:7:::
mail::10612:0:99999:7:::
news::10612:0:99999:7:::
uucp::10612:0:99999:7:::
operator:*:10612:0:99999:7:::
freebird:sdfaBh45ZiQn1llfa:10612:0:99999:7:::

By default, password aging is not turned on. So there is no minimum number of days before a password may be changed, and no date by which the password must be changed. The statement that the password must be replaced within 99999 days is almost meaningless, because that is almost 250 years from now. The statement that the user is warned 7 days before the password expires is also useless unless you choose to use password aging. In this example there is also no setting for a period of time between password expiry and the account being disabled.
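The identification rule from method (3) and the /etc/shadow fields described above, as an added example that is not part of the original article: this Python code classifies each password field by prefix and length, decodes the Blowfish cost into its number of rounds, converts the last-change day count into a date and reports malformed lines. The account names and sample lines are constructed and the three hashes are the example strings quoted in this article; the "_" test for BSDI-style DES and the "!" lock marker are assumptions that do not come from the article.

```python
import re
from datetime import date, timedelta

B64 = r"[./0-9A-Za-z]"  # alphabet of crypt(3) output
PATTERNS = [  # tried in order; the capture group is the cost or the salt
    ("blowfish", re.compile(r"^\$2[a-z]?\$(\d\d)\$" + B64 + r"{53}$")),
    ("md5", re.compile(r"^\$1\$([^$]{1,8})\$" + B64 + r"{22}$")),
    # BSDI-style DES: "_", 4 chars of iteration count, 4 of salt, 11 of hash
    ("bsdi-des", re.compile(r"^_" + B64 + r"{4}(" + B64 + r"{4})" + B64 + r"{11}$")),
    ("des", re.compile(r"^(" + B64 + r"{2})" + B64 + r"{11}$")),
]


def classify_hash(field):
    """Map a password field to (scheme, detail) from its prefix and length."""
    if field == "":
        return ("empty", "no password set")
    if field[0] in "*!" or field in ("x", "X"):
        return ("locked", "placeholder, not a hash")
    for scheme, rx in PATTERNS:
        m = rx.match(field)
        if m and scheme == "blowfish":
            return (scheme, "rounds=%d" % 2 ** int(m.group(1)))
        if m:
            return (scheme, "salt=" + m.group(1))
    return ("unknown", "unrecognised format")


def audit_shadow(text):
    """Parse shadow-format lines and return one finding dict per account."""
    report = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        f = line.split(":")
        if len(f) != 9:  # name, password and seven further fields
            report.append({"user": f[0], "scheme": "malformed",
                           "flags": ["%d fields instead of 9" % len(f)]})
            continue
        scheme, detail = classify_hash(f[1])
        flags = []
        if scheme == "des":
            flags.append("traditional DES: only 8 password characters count")
        if scheme == "empty":
            flags.append("empty password field")
        if f[4] in ("", "99999"):
            flags.append("no effective maximum password age")
        changed = date(1970, 1, 1) + timedelta(days=int(f[2])) if f[2].isdigit() else None
        report.append({"user": f[0], "scheme": scheme, "detail": detail,
                       "last_change": changed, "flags": flags})
    return report


# Constructed sample. Account names are made up; the three hashes are the
# example strings quoted in this article; "broken" lacks its password field.
SAMPLE = """\
alice:s2JQ85JElCMeU:10612:0:99999:7:::
bob:$1$caeiHQwX$hsKqOjrFRRN6K32OWKCBf1:10612:0:90:7:::
carol:$2a$12$eIAq8PR8sIUnJlHaohxX209x9O1m2vk97lj5dsxdmb.eXF42qjchC:10612:0:90:7:::
daemon:*:10612:0:99999:7:::
guest::10612:0:99999:7:::
broken:10612:0:99999:7:::
"""

if __name__ == "__main__":
    for row in audit_shadow(SAMPLE):
        print(row)
```
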

On systems where the shadow password feature is optional, a relatively simple command sets up and updates the shadow password file: pwconv. If the shadow password file does not exist, the command creates one. If a shadow file already exists, pwconv adds the new users in /etc/passwd to /etc/shadow, deletes from the shadow file the users that are not in /etc/passwd, and moves the passwords from /etc/passwd to the shadow file. In Red Hat Linux, pwconv writes the new /etc/passwd file to a file named npasswd and the new shadow file to nshadow. These new files have to be renamed or copied by hand. The pwunconv command returns to a setup without a shadow file: it merges the information in the shadow file back into the traditional password file.

Tip: early Linux did not support shadow passwords. Note: under Solaris you must use the shadow password file; under Linux it can also be used if the shadow software is installed.

3.2 The /etc/master.passwd file

In BSD, the actual password file is /etc/master.passwd. This password file is a simple text database with one line per user, and the fields in each line are separated by ":". The permissions of /etc/master.passwd are 0600 and those of /etc/passwd are 0644. This means that anyone can read /etc/passwd, but only root can read /etc/master.passwd. In BSD, /etc/master.passwd is a superset of /etc/passwd, and /etc/passwd is generated directly from it. So in BSD the /etc/passwd file does not need to be edited directly. Whenever you run vipw, passwd, chfn, chsh or chpass, /etc/master.passwd is modified and /etc/passwd is regenerated automatically from the changes. (The hash-table form of /etc/master.passwd is generated at the same time by the pwd_mkdb tool.) Flat-file databases (/etc/passwd, /etc/master.passwd) are only suitable for a small number of users; as the number of users grows, searching becomes slow. BSD therefore keeps hash-table versions of the two databases, /etc/pwd.db and /etc/spwd.db, whose permissions correspond to those of the two files above. Each time you run chfn, passwd or a similar command, pwd_mkdb updates these two files automatically.

Tip: to rebuild the user list from another FreeBSD system, or to migrate a user list from another FreeBSD machine, simply put the new master.passwd (for example master.passwd.new) in /etc/ or /, then run the following commands. Remember to make a backup first:

% cp /etc/master.passwd /etc/master.passwd.bak
% pwd_mkdb -p /etc/master.passwd.new

The /etc/master.passwd file is then overwritten, and the three other files are rebuilt as well. (-p generates a new /etc/passwd.)

Note: the /etc/master.passwd file and the shadow file are the same in form and function. Unlike /etc/master.passwd, however, the /etc/shadow file used on Linux and other systems is not a superset of /etc/passwd, and /etc/passwd is not generated from /etc/shadow; you have to maintain both files by hand.

  4. Using the "password expiration mechanism" in BSD

"Password expiration" means that a password becomes invalid once the allotted time has passed; the user must change the password before then. To enable this, edit the /etc/login.conf file and add passwordtime=90d (or 2y, 6w, 24h and so on) to the default section, for example:

default:\
        :password_format=md5:\
        :copyright=/etc/COPYRIGHT:\
        :welcome=/etc/motd:\
        :passwordtime=24h:\

Because the /etc/login.conf database must be compiled into a hash table, you must run the cap_mkdb program to generate this hash table before the modification takes effect:

% cap_mkdb /etc/login.conf

After this, if the password has not been changed within 24 hours, the user is prompted to enter a new password at login.

Note: once the passwordtime property is set, passwd writes the time the password was last changed to the sixth field of /etc/master.passwd. /etc/login.conf is also useful for many other password-related and general settings; see its man page for details.

Postscript

This article is only a brief description of the Unix/Linux, and especially the BSD, password mechanism. Partly because of the limits of my own knowledge, it does not discuss the subject in depth. Password security, password cracking, the use of more secure encryption mechanisms and related issues will be discussed in future articles.

References:
man 5 passwd
man 3 crypt
man md5
man des
man login.conf
DES-to-MD5 (mini) HOWTO
Hacking Linux Exposed
The Unix System Administrator Handbook

About the author: Freebird, name: Marina crafts Biao to. CNFUG core member. An avid follower of Unix/Linux/BSD, familiar with BSD, Linux, Solaris, C and shell. Main research interests: setting up various servers, system and network security, kernel source code analysis and translation of English documentation. You are welcome to contact me at freebird@cnfug.org.