Humans have used passwords for thousands of years, but we find the first concrete evidence in ancient Egypt. When a prominent Egyptian died, workers prepared his body by mummifying it. They then buried the deceased with scrolls bearing prayers from the Book of the Dead. On these scrolls, priests wrote secret passwords that could buy the deceased entry into heaven.

Most such passwords were not encrypted. Instead, priests put their trust in fate, gambling that the deceased would reach heaven before grave robbers discovered him. Whether things ultimately worked out that way, we'll never know. But we do know that at some point (roughly 2,000 B.C., during the reign of Mentuhotep III), Egyptians dispensed with plain-text passwords. Over the next 1,000 years, in addition to fractions and primitive algebra, the Egyptians developed rudimentary cryptography. Let's briefly cover cryptography now.

Cryptography

The word cryptography stems from two ancient words: krypto (hidden) and graphia (writing). Cryptography, therefore, is the science of secret writing. In cryptography, you create messages that only authorized personnel can read. To everyone else, cryptographic or encrypted text is gibberish.

The earliest cryptography was primitive, often consisting of anagram-style scrambling, where characters were merely rearranged. For example, the word Egyptian might be transposed to neagiytp. Please see Figure 5.1.

Figure 5.1. In anagrams, letters are rearranged. To unscramble the message, you must rearrange the letters into their original positions.

Later, in Roman times, messengers used substitution ciphers. Early substitution ciphers employed simple formulas to uniformly convert each character to another. Julius Caesar popularized one that consisted of shifting characters ahead by three. Hence, the letter a becomes c, the letter b becomes d, and so on.

Today, simple substitution ciphers exist but aren't used for serious data hiding. One is ROT-13, a substitution cipher that shifts characters 13 positions ahead (so a becomes n, b becomes o, and so on). To test ROT-13, compile the following code and run it:

#include <stdio.h>
#include <ctype.h>

/* test-rot13.c
A simple ROT-13 substitution cipher.
To compile: "gcc test-rot13.c -o rot13" */

void main() {
   int user_input;

   printf(">Please enter some text to encrypt or decrypt
");
   printf("---------------------------------
");

   while((user_input=getchar())) {

    if (islower(user_input))
            user_input = 'a' + (user_input - 'a' + 13) % 26;

       if (isupper(user_input))
            user_input = 'A' + (user_input - 'A' + 13) % 26;
            putchar(user_input);
    }
}

Running this book's title, Maximum Linux Security, through ROT-13 will produce the following text:

Znkvzhz Yvahk Frphevgl

The chief advantage of ROT-13-style ciphers is that they obscure the original letters used. Hence, attackers cannot decode the message by rearranging letter positioning, as they would with an anagram. Instead, they must deduce the shifting formula used, which is more difficult.

Note

For a more detailed (but still brief) historical treatment of cryptography, see A Short History of Cryptography, Dr. Frederick B. Cohen, Management Analytics, 1995, located at http://www.all.net/books/ip/Chap2-1.html.

Simple substitution ciphers are too rudimentary to protect data, though. So over the centuries, and particularly in the last 100 years, researchers have developed many different cipher types. Initially, these ciphers were simple enough that human beings, spending hours or days, could ascertain the algorithm used. However, as computers emerged that could perform millions of calculations per second, the demand for stronger encryption increased.

Linux passwords are created using an advanced encryption algorithm from IBM called the Data Encryption Standard, or DES.

DES, like most things, is not infallible. Linux passwords encrypted with DES can be cracked quickly, usually within minutes. There are two chief reasons for this:

In dictionary attacks, attackers take dictionaries—long wordlists—and encrypt them using DES. During this process, they send regular words, proper names, and other text through precisely the same permutations and transformations that Linux passwords are exposed to. Over time, using high-speed cracking tools, attackers can encrypt each dictionary word in some 4,096 different ways. Each time a cracking tool derives such encrypted text, it compares it to the passwords from /etc/passwd. Sooner or later (often sooner) it finds a match, and when it does, it notifies the attacker: a password has been cracked.

Since there's no substitute for experience, you're going to execute a dictionary attack right now.

Application: Crack

Required: C + root (and Perl if you do parallel or multi-processor cracking)

Config Files: dictgrps.conf, dictrun.conf, globrule.conf, network.conf.

Security History: Crack has no outstanding or previous security history.

Notes: You must have root to run Crack. Note that if you're caught running Crack on other folks' password files, you may get busted because this is quite illegal. If you're employed as a system administrator, you may still encounter problems, so ensure that you have adequate authorization before testing or cracking system passwords. Cases often arise where system administrators are brought to book, dismissed, or otherwise penalized for performing unauthorized password audits. If you have any doubts about your firm's policies, ask first. (Conversely, if you're intentionally using Crack for unlawful activity, remember that if you use someone else's processor power and time to perform your nefarious activity, you will almost certainly get collared.)

Crack is the UNIX community's best-known password auditing tool. In early releases, its author, Alec Muffett, described Crack as

(See Crack: A Sensible Password Checker for Unixat http://alloy.net/writings/funny/crack_readme.txt.)

Over time, he only slightly amended that description. Today, Muffet describes Crack as

Crack is currently in release 5.0a, which I used to generate the following example. If you intend to try Crack against your own passwords, please take a moment now to download Crack at http://www.users.dircon.co.uk/~crypto/index.html.

The example runs through several phases:

Let's do it.

$ gunzip  crack5.0.tar.gz

$ tar -xvf crack5.0.tar

$./Crack –makeonly

all made in util
make[1]: Leaving directory `/root/c50a/src/util'
Crack: makeonly done

$ Crack -makedict

Crack: Created new dictionaries...
Crack: makedict done

$ cp /etc/passwd passwords.txt

$ Crack passwords.txt

src; for dir in * ; do ( cd $dir ; make clean ) ; done )
make[1]: Entering directory `/root/c50a/src/lib'
rm -f dawglib.o debug.o rules.o stringlib.o *~
make[1]: Leaving directory `/root/c50a/src/lib'
make[1]: Entering directory `/root/c50a/src/libdes'
/bin/rm -f *.o tags core rpw destest des speed libdes.a .nfs* *.old 
*.bak destest rpw des speed
make[1]: Leaving directory `/root/c50a/src/libdes'
make[1]: Entering directory `/root/c50a/src/util'
rm -f *.o *~
make[1]: Leaving directory `/root/c50a/src/util'
make[1]: Entering directory `/root/c50a/src/lib'
make[1]: `../../run/bin/linux-2-i586/libc5.a' is up to date.
make[1]: Leaving directory `/root/c50a/src/lib'
make[1]: Entering directory `/root/c50a/src/util'
all made in util
make[1]: Leaving directory `/root/c50a/src/util'
Crack: The dictionaries seem up to date...
Crack: Sorting out and merging feedback, please be patient...
Crack: Merging password files...
cat: run/F-merged: No such file or directory
Crack: Creating gecos-derived dictionaries
mkgecosd: making non-permuted words dictionary
mkgecosd: making permuted words dictionary
Crack: launching: cracker -kill run/Ksamshacker.sams.net.1092

1175   2 S N  0:04 cracker -kill run/Ksamshacker.sams.net.1092
1178   2 Z N  0:00 (kickdict <zombie>)
4760   2 S N  0:00 kickdict 240
4761   2 R N  0:00 sh root/c50a/scripts/smartcatrun/dict/gecos.txt.dwg.gz
4762   2 S N  0:00 sh -c dictfilt | crack-sort | uniq
4763   2 S N  0:00 dictfilt
4764   2 R N  0:00 sort
4765   2 R N  0:00 sh -c dictfilt | crack-sort | uniq

I:925693285:LoadDictionary: loaded 10 words into memory
G:925693285:yIRWmr3zbhms6:nicole
I:925693285:OpenDictStream: trying: kickdict 4
I:925693285:OpenDictStream: status: /ok/ stat=1 look=4 find=4
genset='conf/rules.basic' rule='!?Alp' dgrp='gecos' prog='smartcat

$./Reporter

Guessed marty [marty]  Marty Rush [passwords.txt /bin/bash]
Guessed Nicole [alexalex] Caldera OpenLinux User [passwords.txt /bin/bash]
Guessed manny [willow]  Caldera OpenLinux User [passwords.txt /bin/bash]
Guessed moe [solace]  Caldera OpenLinux User [passwords.txt /bin/bash]

Crack-style dictionary attacks are the subject of a lot of folklore. Even today such attacks occur, although they are diminishing with the widespread use of shadowing.

One interesting story from a system administrator's viewpoint was offered in a classic paper titled Security Breaches: Five Recent Incidents at Columbia University. In it, the authors wrote

(See Security Breaches: Five Recent Incidents at Columbia University, Fuat Baran, Howard Kaye, and Margarita Suarez, Columbia University Center for Computing Activities. Find it at http://www.vc3.com/~caldwm/security/OLDARCHIVE/papers/columbia_incidents.ps.)

Ultimately, the researchers traced down at least one culprit, a local student, but the others remained anonymous. The paper describes several such cases. If you're a first-time Linux user, I recommend reading it to get a preview of what such an attack looks like and its warning signs.

Other important papers on this subject include

Dictionary attack tools like Crack are invaluable to you. They help you test your users' passwords for relative strength (something we'll address later). However, like almost any other security tool, Crack also can be a powerful weapon in the wrong hands.

Indeed, dictionary attacks have always been an integral part of the cracking scene. For years, crackers targeted /etc/passwd because it stored user passwords. Once attackers had these, they had everything. As a result, UNIX security specialists were forced to rethink password security. They needed a way of keeping /etc/passwd readable while still obscuring encrypted passwords. The answer was password shadowing.

/etc/shadow is a special file that stores not just user passwords but also special rule indicators (covered later in the chapter). Here's a typical /etc/shadow file:

root:lLOTWOUA.YC2o:10713:0::7:7::
bin:*:10713:0::7:7::
daemon:*:10713:0::7:7::
adm:*:10713:0::7:7::
lp:*:10713:0::7:7::
sync:*:10713:0::7:7::
shutdown:*:10713:0::7:7::
halt:*:10713:0::7:7::
mail:*:10713:0::7:7::
news:*:10713:0::7:7::
uucp:*:10713:0::7:7::
operator:*:10713:0::7:7::
games:*:10713:0::7:7::
gopher:*:10713:0::7:7::
ftp:*:10713:0::7:7::
man:*:10713:0::7:7::
majordom:*:10713:0::7:7::
postgres:*:10713:0::7:7::
nobody:*:10713:0::7:7::
bigdave:aNi7cQR3XSTmc:10713:0::7:7::
jackie:7PbiWxVa5Ar9E:10713:0:-1:7:-1:-1:1073897392

In some respects, /etc/shadow resembles /etc/passwd. The file consists of one record per line, and each record is broken into nine colon-delimited fields:

Using these values, the shadow suite implements two new concepts above and beyond basic password database maintenance:

The shadow suite consists of multiple utilities for user, group, and password management. These tools and their functions are summarized in Table 5.4.

Let's look at the more essential shadow suite tools and the tasks they perform.

usage: useradd [-u uid] [-g group] [-m] [-d home] [-s shell] [-r rootdir]
               [-e expire dd/mm/yyyy] [-f inactive] name
       useradd -D
       useradd –v

/usr/sbin/useradd jsprat -m -c"Jack Sprat" -u510 -g100 -s/bin/bash

bigdave:x:100:100:Big Dave:/home/bigdave:/bin/bash
jackie:x:101:100:Jackie:/home/jackie:/bin/bash
jsprat:x:510:100:Jack Sprat:/home/jsprat/:/bin/bash

root:lLOTWOUA.YC2o:10713:0::7:7::
bin:*:10713:0::7:7::
daemon:*:10713:0::7:7::
adm:*:10713:0::7:7::
lp:*:10713:0::7:7::
sync:*:10713:0::7:7::
shutdown:*:10713:0::7:7::
halt:*:10713:0::7:7::
mail:*:10713:0::7:7::
news:*:10713:0::7:7::
uucp:*:10713:0::7:7::
operator:*:10713:0::7:7::
games:*:10713:0::7:7::
gopher:*:10713:0::7:7::
ftp:*:10713:0::7:7::
man:*:10713:0::7:7::
majordom:*:10713:0::7:7::
postgres:*:10713:0::7:7::
nobody:*:10713:0::7:7::
bigdave:aNi7cQR3XSTmc:10713:0::7:7::
jackie:7PbiWxVa5Ar9E:10713:0:-1:7:-1:-1:1073897392
jsprat:*not set*:10715:0:-1:7:-1:-1:

[root@linuxbox2 /root]# passwd jsprat
Enter new UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully

bigdave:aNi7cQR3XSTmc:10713:0::7:7::
jackie:7PbiWxVa5Ar9E:10713:0:-1:7:-1:-1:1073897392
jsprat:cALtUMRf40VbU:10715:0:-1:7:-1:-1:1073897392

$ ls –al /etc/skel

drwxr-xr-x   4 root     root         1024 May  2 13:32 .
drwxr-xr-x  23 root     root         3072 May  3 22:18 ..
-rw-r--r--   1 root     root           49 Nov 25  1997 .bash_logout
-rw-r--r--   1 root     root          913 Nov 24  1997 .bashrc
-rw-r--r--   1 root     root          650 Nov 24  1997 .cshrc
-rw-r--r--   1 root     root          111 Nov  3  1997 .inputrc
-rw-r--r--   1 root     root          392 Jan  7  1998 .login
-rw-r--r--   1 root     root           51 Nov 25  1997 .logout
-rw-r--r--   1 root     root          341 Oct 13  1997 .profile
drwxr-xr-x   2 root     root         1024 May  2 12:09 .seyon
drwxr-xr-x   3 root     root         1024 May  2 12:08 lg

$ userdel –r username

$ groupdel workers

The shadow suite's author recognized that there would be instances when you'd want to go above and beyond the simple addition and deletion of users and groups. To account for this, the shadow suite provides several utilities for the general maintenance of accounts and authentication databases.

Finally, let's briefly address the shadow suite's own security. Is it safe? It can be. However, there are ways for attackers to mount formidable attacks.

First, know this: At its most basic, the shadow suite simply hides your passwords from prying eyes. So, instead of passwords being accessible in /etc/passwd, they're stowed away in /etc/shadow. In the short run, this certainly bolsters your system security. However, attackers are well acquainted with the shadow suite and have accordingly shifted their interest from /etc/passwd to /etc/shadow. The only material difference from an attacker's viewpoint is that /etc/shadow is harder to reach.

In fact, the shadow suite is quite safe in itself, providing that you've installed the most recent version. Unfortunately, though, its security depends largely on your system security at large. Here's why: Many other applications have holes that allow attackers to read (or even write) /etc/shadow. Mind you, this is not the fault of the shadow suite's author. It's simply a fact of life. Security analysts discover software vulnerabilities every day, and over time, applications are bound to crop up that will jeopardize your password security. This happens often enough that you must constantly be on guard.

Here are some examples:

In fact, on average, a similar bug crops up once every 90 days or so. Table 5.11 gives a slightly expanded view and demonstrates just how eclectic such attacks can get.

$ export RESOLV_HOST_CONF=/etc/shadow
$ rlogin /etc/shadow

In summary, while the shadow suite is not fundamentally flawed, many other unrelated factors can affect its security. The only way for you to protect your shadowed passwords is to be vigilant and keep your system up to date.

The shadow suite is an important innovation and a vital tool in your security arsenal. In addition to protecting your passwords from unauthorized eyes, the shadow suite offers you extended control over user accounts and passwords, as well as an opportunity to implement at least minimal password policy with relative ease.

Encryption is a vital security component. However, no matter how strong your encryption is, it will fail when users make poor password choices.

Here's a fact: Users are lazy, error-prone, and forgetful. Often, users create passwords from the following (partly to save time and partly to make their lives easier):

These are all awful choices. Crack would crack any such password in seconds. In fact, good passwords are difficult to come by even if you know something about encryption.

There are several reasons for this. One is that even your local electronics store sells computers with staggering processor power. These machines can perform millions of instructions per second, thus providing attackers with the necessary juice to try thousands of character combinations.

Moreover, dictionary attack tools have become quite advanced. For example, Crack employs rules to produce complex character combinations and case variations that create exotic passwords far beyond the limits of the average user's imagination, memory, or patience (such as #z!~[non-printable-character]=X<). Even when users get relatively creative with their passwords, Crack can often prevail.

Most of the time, users don't even make reasonable efforts to bolster password security. In a 1993 paper titled UNIX Password Security, one specialist observed:

(See Unix Password Security, Walter Belgers, December 6, 1993. Find it at http://www.giga.nl/walter/write/pwseceng.ps.)

This is why tools like Crack are so valuable. By regularly checking the strength of the passwords on your network, you can ensure that crackers cannot penetrate it by exploiting bad password choices. Such a regimen can greatly improve your system security. In fact, many folks now employ tools that check a user's password when it is first created. This implements the philosophy that

(See "Improving System Security via Proactive Password Checking", Computers and Security [14, pp. 233-249], Matthew Bishop, UC Davis, California and Daniel Klein, LoneWolf Systems Inc., 1995.)

This technique is called proactive password checking, something that can greatly improve your Linux system's password security.

In proactive password checking, you eliminate weak passwords before they're committed to the password database. The process works like this: When a user creates his desired password, it is first compared against a wordlist and a series of rules. If the password fails to meet the requirements of this process (for example, the proactive password checker finds a match or judges the pattern to be too simple), the user is forced to choose another.

Currently, there are three prevailing proactive password checkers (and there's a fourth one forthcoming). All require some hacking on your part. They are

Let's quickly cover each one now.

Up until this point I've focused primarily on login passwords, and these are certainly important. After all, many client/server applications use standard /etc/passwd- or /etc/shadow-based authentication (FTP, telnet, and TFTP, just to name a few). However, in the greater scheme, these are only the beginning.

I want you to fully appreciate the importance of password security, so we're going to take it in steps. First, consider your own account—not as root, but as a user. Please examine Figure 5.2.

Figure 5.2. Your machine and a few of the passwords on it.

As depicted in Figure 5.2, chances are that you've got at least five passwords. Take me, for example. When I wake up each morning, I go through this routine:

But Linux is a multi-user system, and I know that you probably plan to support at least a few users. For the sake of argument, let's say that you have five other users on your machine. Please examine Figure 5.3.

Figure 5.3. Your machine, now that you have five additional users.

To put things completely in perspective, let's also assume that you're deploying Linux in a business environment. You will ultimately be faced with a situation similar to the one depicted in Figure 5.4.

Figure 5.4. Your tiny network.

Your tiny network could have as many as 200 passwords on it. There are only two possibilities for these, and both are highly undesirable:

Each scenario presents its own risks. In the first case, users create identical passwords for several applications and servers. This is deadly. Suppose that your users also maintain outside accounts with services like Hotmail. Suppose further that your users are lazy and their Hotmail passwords are identical to passwords they've used on your system. Already you're in hot water. If Hotmail's password databases are ever compromised (and Hotmail passwords have been exposed in the past), outsiders could raid your system. Hence, you're exposed to cross-host attacks, and possibly even cross-network attacks.

Or take the reverse situation. Suppose that you institute a company policy that all passwords must be unique, and your users actually adhere to this, even on systems that do not support proactive password checking. (An unlikely scenario, but we're theorizing.) If so, the quality and strength of these passwords invariably will be poor. Your users' laziness, coupled with their anxiety over forgetting all those different passwords, will probably cause them to buckle and create passwords that are either rudimentary or quite similar to others they've created.

And it gets worse. Third-party applications seldom use established password databases (/etc/passwd or /etc/shadow) to perform authentication. Even less seldom do they implement entirely secure password storage. (For example, Netscape Communicator 4.5 stored encrypted email passwords in a JavaScript source file named prefs.js.)

These conditions will only worsen because networking is becoming more and more critical for business and entertainment. This naturally increases public demand for newer and more interesting networking tools. In response, developers continue churning out innovative applications and rushing them to market, often without subjecting them to stringent security testing. Thus, the consumer market is flooded with applications that store or transmit passwords insecurely.

Therefore, if you're deploying Linux in a business environment, take the following steps:

Beyond all this, you still have one great weapon at your disposal: user education. Ensure that your users understand how important password security is. In particular, try to impress upon them the importance of complying with password policies, even when it's inconvenient. They should never write down passwords, give them to third parties without authorization, or share them even with trusted co-workers. (This last requirement may seem severe, but it is quite necessary.)

It's unlikely that you'll be running Network Information Service (NIS, formerly called the Yellow Pages or YP system). However, since NIS has a significant security history and can adversely affect your password security, it's worthy of mention here.

NIS, developed by Sun Microsystems and originally released in 1985, allows machines on a given network to share user and password information (among other things). NIS achieves this using the client-server model and RPC (remote procedure calls) to share either local or global information contained in at least these files:^[*]

Global NIS information (which can be used to simulate a single sign-on situation) must be updated in a special way using special YP utilities. As explained in the yppasswd manual page:

The chief problem with NIS is that it's insecure. By guessing your "secret" NIS domain name, crackers can grab your password information (local or global) and crack your system passwords. To see how these attacks work, get Improving the Security of Your Site by Breaking Into It, by Dan Farmer and Wietse Venema, located at http://www.securit.net/breakin.html.

NIS is quite complicated. If you intend to use it (and you shouldn't, except in intranet environments), get these resources: