Linux Password Files

[shuiend]

i was thinking about Linux passwords are encripted then i relized it being open sourche you could see how it is done. i was wondering if it would be possible to write a program that decrypts the passwords since you can see the algorithem to encrypt them. What languge would  be the best to do this. i was thinking C or C++. i thik this could be a big security hole and was wondering how hard it would be to accomplish. i was not sure which thing to put this in either Linux or programming. i decided programming because it has to do with writing a program. i am not sure if this is possible so i am open to any ideas or info you have

[voidmain]

The fact that Linux is open source has nothing to do with the strength of the encryption.  The encryption routines are open source, Windows even uses them.  It's the fact that it uses a "key" based encryption that makes the method of encryption worthless knowlege as far as unencrypting the password.  The only method for cracking passwords are using the brute force method on both Linux and Windows.  

Most password cracking programs take a dictionary of words, encrypt each of those words, and variations of those words (change O's to 0's, S's to 5's etc) and compare the encrypted password with the encrypted dictionary word. If the encrypted passwords match, then they now have your password.  That's why it is important to use passwords that are 1) more than 5 characters, 2) not a dictionairy word, or any word period. 3) mixed case and mixed with numbers and special characters.  

Obviously given enough computing power you can crack any password by using every combination of characters starting with a 1 character password on up to 8 character passwords (or whatever the maximum password size is for the given operating system).

[shuiend]

ok thanks for the knowledge

[voidmain]

Oh, and getting the list of encrypted user passwords would be the first challenge.  If they can get that, then there probably isn't much need to try and crack any of the user passwords.  They likely would already "own" the system.

[beltorak0]

to my knowledge;
there is no real way to decrypt the *nix passwords.  They are encrypted with a "one way hash" -- a mathematical process in which it is infeasable to unencrypt the data.  This means that once a password is accepted, it is lost forever (well, almost).  The sysadmin cannot retrive it, but can only [re]set it to a known value.  See the book "applied cryptography" for details.  also  http://www.aspencrypt.com/crypto101_hash.html

There are, however, several programs that supply random passwords to the encryption algorithm and then check the result against the stored value.  Use them to check the strength of your passwords.  change weak passwords.  Change passwords regularly and (fairly) frequently.  Use all kinds of letters/numbers/punctuation/etc in the password; birthday attacks (the password is something personal about the person, like wife's name, soc. sec. number, birthday, etc) and dictionary attacks (the password is a word and appears in a standard dictionary) are the easiest to crack and the programs (usually) check these first.  "rover" would be one of the first things a cracker would use as your password (especially if he/she know you have a dog named rover) and should be avoided. FuckBillGates would be slighty harder, but essentially falls to a variation of the dictionary attack.  Try something along the lines of

Code: [Select]

since it is essentially random to begin with.  For the ultra paranoid, use a 256 bit random key; for a computer running at the background radiation temperature of the universe (~3.5 K) to cycle through all values of a 256 bit counter, it would consume more energy than the sun puts out in 32 years -- and this doesn't take into account the energy necessary for computation.... (applied cryptography).
incedentally, PGP uses 1024 bit keys as default (i f i remember correctly).

-t.

[voidmain]

I guess we didn't answer your question.  C is a good language to use to write a password cracking program, although you can use about any language.  I have written C programs using the standard "crypt()" function in UNIX.  It is actually very easy.  

However, I used to use a program called "crack" which was open source to check all of our systems and make sure our users were using good passwords.  I had it set up to send an email message to the user and make them change their password if I could crack it.  Also, the standard "crypt()" function is not the best for a cracking program.  I don't know if it is still true, but it used to be written very ineficiently, in fact delays were built in to the function so as to prevent being used in password cracking programs.  It would still be perfect for legitimate system use.  So the program "crack" came with it's own encryption functions (I believe it was called "ufccrypt").  Then password cracking could be done at optimal speed. "john" is another good password cracking program.  Both "john" and "crack" are open source so you can look at the code for examples.

The only reason I am answering your question is there are legit uses for password cracking and I assume you are doing it on the up and up. And it's a good easy learning C project.

[ August 01, 2002: Message edited by: VoidMain ]

[Master of Reality]

isnt the actual password the key to unencrypt it?

[voidmain]

Actually, the password IS the key, but it's not used to "decrypt".  When you type your password in to an authentication prompt (login, su, etc) the password you type in is run through the crypt() function and the resulting string is compared with the stored string associated with your userid in the password file. If they match then you are allowed in.

Or something like that...

Now there are times when you do need to decrypt as well as encrypt, that's when you need to securely transmit data. PGP, SSH, SSL, IPSEC are examples of this. There are usually multiple keys involved with these types of encryption/decryption. Both public and private.

[ August 02, 2002: Message edited by: VoidMain ]

[choasforages]

yeah, voidmain is correct on password cracking, and yes, it would be a good c++ project, i think i am going to work on it. but i want to mess with blowfish. and not standerd des. as for one way hash. i had a calc basic prog that made one way hashes i think. i could post the code for it, if i could remeber what it was