Authentication Tools

Modified 21 June 2008

Well-Known Default Passwords

Many systems come with well-known default passwords which go unchanged by lazy admins. Here are lists; do you have any remaining risks?


Password Cracking and Testing

I have a section on password cracking and testing on my system security auditing page. It includes links to useful tools.


Rainbow Tables, and Comparing Operating System Authentication Strength

Operating systems do not store the user's password; they store the hash of the password. The hash is a one-way function; see my Just Enough Crypto page for details. Most operating systems store the hash of the combination of a salt plus the user's password. When the password is (re)set, a new random salt is generated:
  Setting:
    User provides: password
    System generates a random: salt
    Stored: salt, hash(salt,password)
When the password is tested at authentication, the stored salt is used:
  Testing:
    User provides: password
    System retrieves stored: salt
    Compared: calculated hash(salt,password), stored hash(salt,password)

The salting makes the authentication more secure in two ways. First, two users who happen to pick the same password will almost certainly have different salts, and therefore different stored hashes (and even if they got to see the list of hashes, they would not realize they had the same password as someone else). More significantly, this makes a brute-force attack much more difficult.

As we should expect, Windows does not use the simple but effective security mechanism of salting! Surprisingly, neither did Mac OS X until version 10.3!

How many possible salt values are there?

Operating system | Bits of salt | Number of possible salt values
Windows; Mac OS before OS X 10.4 (ref: http://www.dribin.org/dave/blog/archives/2006/04/28/os_x_passwords_2/) | 0 | 1 (that is, a null salt)
Older UNIX (SunOS, Solaris 2.6,7,8, HP-UX, etc) | 12 | 4,096
Mac OS X 10.4 | 32 | 4,294,967,296
UNIX (Solaris 9 and later, Linux) | 48 | 281,474,976,710,656
OpenBSD | 128 | 340,282,366,920,938,463,463,374,607,431,768,211,456

Windows has traditionally supported the LANMAN hash, a rather insecure method for authenticating on a poor networking protocol invented by IBM and used by Microsoft despite the availability of far better alternatives at the time. And Windows still supports LANMAN hashing by default. To create a LANMAN hash:

  1. Break the password into 7-character chunks. If the password is longer than 14 characters, this doesn't work. On the down side, you can't authenticate to LANMAN. On the up side, your password is not stored in a ridiculously weak format.
  2. For each chunk, map all lower-case letters into upper case.
  3. Pad each chunk with nulls to make it a full 7 bytes long.
  4. Use each chunk as a 56-bit DES key to encrypt the string KGS!@#$%.
  5. Concatenate those strings.

For the NT hash, calculate the MD4 hash of the user password. MD4, not MD5, due to history, although MD4 is a little less secure than MD5: http://www.rsasecurity.com/rsalabs/node.asp?id=2253

Note that "Windows NT" really means Windows NT 3.*, Windows NT 4.*, Windows 2000, Windows XP, Windows 2003, and so on. The Windows NT password hashing scheme is decent. The problem is that the password is, by default, hashed in the NT scheme and in the weak LANMAN scheme. So the strongest possible password is really no stronger than 7 characters with no upper/lower case distinction. To break the NT password via the LANMAN hash:

  1. Dump the hashes using pwdump, Cain & Abel http://www.oxid.it/cain.html, sniffing the network traffic, booting off Knoppix media, or whatever.
  2. Do a brute-force search of the LANMAN hash space, if the user does not have an easily guessable password.
  3. Once you have the LANMAN password, you have something very close to the NT password. You just have to try every possible upper/lower case variation in each 7-character chunk. So there are only this many to try: 2^7 = 128

Can this weak LANMAN behavior be turned off? Yes! At the possible loss of interoperability with LANMAN hosts, but we're interested in security. Here's how: http://support.microsoft.com/default.aspx?scid=KB;EN-US;q299656&
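After turning LANMAN hashing off, it is worth checking which accounts still carry a LANMAN hash. The following is an added example, not from the original page: it audits hash records in pwdump's user:rid:lmhash:nthash::: layout, using the fact that an all-null 7-byte chunk always produces the same 8-byte result in step 4. The account names and non-null hash values are constructed.

```python
# An all-null 7-byte chunk used as the DES key always encrypts "KGS!@#$%"
# to the same 8 bytes, so these values mark "nothing in this chunk".
NULL_CHUNK = "aad3b435b51404ee"
EMPTY_LM = NULL_CHUNK * 2

# Constructed sample in pwdump's user:rid:lmhash:nthash::: layout.
# The non-null hash values are made-up hex, not hashes of real passwords.
SAMPLE = """\
alice:1001:0123456789abcdef0fedcba987654321:00112233445566778899aabbccddeeff:::
bob:1002:89abcdef01234567aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5:::
dave:1004:NO PASSWORD*********************:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
"""


def audit_lm(dump):
    """Return {user: finding} for accounts that still carry a LANMAN hash."""
    findings = {}
    for line in dump.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue  # not a hash record
        user, lm = fields[0], fields[2].lower()
        if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
            continue  # non-hex placeholder in the LM field: no hash stored
        if lm == EMPTY_LM:
            continue  # both chunks null: no usable LANMAN hash stored
        if lm[16:] == NULL_CHUNK:
            findings[user] = "LANMAN hash stored; password is 7 characters or fewer"
        else:
            findings[user] = "LANMAN hash stored; password is 8 to 14 characters"
    return findings


if __name__ == "__main__":
    for user, finding in audit_lm(SAMPLE).items():
        print(user, "-", finding)
```

Disabling LANMAN storage does not erase hashes that are already stored; an account keeps its old LANMAN hash until its password is next changed, so flagged accounts need a password reset.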

But then there are "Rainbow Tables". They are a space-time tradeoff, gaining lots of speed by pre-computing large tables of hashes. A typical Rainbow Table may cover 99.9% of the possible password space with a 10,000:1 tradeoff. That is, within seconds to minutes you can figure out which 10,000-member list contains the password, and then you find that password within 10,000 hash operations. This attack is only practical (for most attackers) against Windows, as the salts used by all other operating systems would make the attack require as many Rainbow Tables (each of which might require several gigabytes of storage) as there are possible salts. See the above table for just how many possible salts there are in non-Windows operating systems, and thus how many parallel Rainbow Tables would be needed.
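The Setting/Testing procedure described earlier and the effect of salt on precomputed tables, as an added example that is not part of the original page. It uses a plain hash-to-password lookup table, the simplest form of the precomputation that a Rainbow Table compresses; SHA-256, the 128-bit salt, the function names and the sample users are assumptions made for the example.

```python
import hashlib
import hmac
import os

SALT_BYTES = 16  # assumption: 128 bits of salt, as in the OpenBSD table row


def salted_hash(salt, password):
    """hash(salt, password); SHA-256 is a stand-in chosen for this example."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def set_password(password):
    """Setting: generate a new random salt and return (salt, hash) to store."""
    salt = os.urandom(SALT_BYTES)
    return salt, salted_hash(salt, password)


def check_password(password, salt, stored):
    """Testing: recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(salt, password), stored)


def precompute(candidates, salt=b""):
    """A precomputed table is valid for exactly one salt value."""
    return {salted_hash(salt, pw): pw for pw in candidates}


def demo():
    candidates = ["password", "letmein", "123456"]  # constructed guess list
    table = precompute(candidates)  # built once, for the null salt only

    # Constructed records: two users who happen to pick the same password.
    unsalted = {u: salted_hash(b"", "letmein") for u in ("alice", "bob")}
    salted = {u: set_password("letmein") for u in ("alice", "bob")}

    return {
        "same_hash_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_hash_salted": salted["alice"][1] == salted["bob"][1],
        "table_hits_unsalted": sorted(u for u in unsalted if unsalted[u] in table),
        "table_hits_salted": sorted(u for u in salted if salted[u][1] in table),
    }


if __name__ == "__main__":
    print(demo())
```

With a null salt one table exposes every account that uses a listed password; with per-user salts the same table matches nothing, and a separate table would be needed for each salt value.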

On to the comparisons!

Operating system: Notes, Difficulty of Attack

LANMAN
  Each chunk contains 7 characters, drawn from a set of 69 characters: the 95 printable ASCII minus the 26 lower-case letters. No salt, so we only have to search the relatively small LANMAN space itself.
  Brute-force search space size:
  69^7 = 7,446,353,252,589

Traditional older UNIX
  Hashing algorithm applied to password plus salt is a repeated modified DES, so a 56-bit output multiplied by the salt space.
  This is what you have with Solaris 8 and earlier, HP-UX, etc.
  Brute-force search space size:
  2^12 x 2^56 = 4,096 x 72,057,594,037,927,936
  = 295,147,905,179,352,825,856

Windows NT family (NT 3.*, NT 4.*, 2000, XP, 2003, Vista, 2008, ...)
  MD4 hashing of the password, but no salt.
  The brute-force search space is larger than that of traditional UNIX. However, the lack of a salt in Windows makes a Rainbow Table practical, so brute-force attacks aren't really needed here!
  Brute-force search space size:
  2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456

"BSD-style" hashing
  MD5 hashing of the password plus the 48-bit salt.
  This is what you have with Linux, with most BSDs, and with Solaris 10 and later. Solaris 9 is capable of doing this if you know the trick on my OS-specific security page.
  Brute-force search space size:
  2^48 x 2^128 = 281,474,976,710,656 x 340,282,366,920,938,463,463,374,607,431,768,211,456
  = 95,780,971,304,118,053,647,396,689,196,894,323,976,171,195,136,475,136

Mac OS 10.4
  SHA-1 hashing of the password plus the 32-bit salt.
  Brute-force search space size:
  2^32 x 2^160 = 4,294,967,296 x 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976
  = 6,277,101,735,386,680,763,835,789,423,207,666,416,102,355,444,464,034,512,896

Blowfish hashing
  Multiple rounds of the Blowfish cipher used as a hash, operating upon the combination of the salt and the password.
  This is possible with Linux, BSD, and Solaris 9 and later, and is the default with OpenBSD.
  Note that the number wraps around two lines...
  Brute-force search space size:
  2^448 = 726,838,724,295,606,890,549,323,807,888,004,534,353,641,360,687,318,060,281,490,199,180,639,
          288,113,397,923,326,191,050,713,763,565,560,762,521,606,266,177,933,534,601,628,614,656

Now, enormous numbers may be loads of fun, and may make it appear that you have some security, but setting a stupid password like, say, "password" is just as guessable regardless of hashing method!


Kerberos


Password Tools


Handheld Password Tokens


Biometric Authentication


Protect Sysadmin Authentication With sudo

Don't just hand out the system administrator's password! Allow certain users to run only certain commands with sysadmin privileges, with the sudo tool. See http://www.cs.coloradu.edu/~millert/sudo/.


TCP Wrappers and xinetd for Host Authentication


Software Authentication/Piracy

Software piracy (kinda) falls under authentication. Why audit yourself? If your site has pirated software, you may incur huge fines. Disgruntled employees will turn you in for rewards from SPA and BSA (Software Publishers Association and Business Software Alliance), who show up with federal agents and search warrants. One U.S. Army base was hit for around $2,000,000 in 1996. Fines in the $100,000-200,000 range are common. Autodesk (http://www.autodesk.com/), maker of AutoCAD, has recovered more than US$ 35 million from North American copyright infringers in 1989-1999 (SC Magazine, April 1999, pg 18). The SPAudit tool is available free from http://www.spa.org. It audits what software is installed where, and also inventories hardware and system boot files. Further info is available on software piracy.


© Bob Cromwell Jul 2008. Created with /bin/vi, hosted on OpenBSD with Apache.