3 - 1
Information Assurance Foundations - SANS
©2001
1
Password Assessment and
Management
Security Essentials
The SANS Institute
This module will address password security. Although user names and passwords are a familiar
technology, most people are not aware of the inherent weaknesses in many of the different password-
based authentication schemes in use today. These weaknesses are important to understand since many
networks would be compromised if passwords on just a few key machines (such as firewalls, DNS
servers, or Windows domain controllers) were known to an attacker.
Many of us remember how, in the movie Wargames, a teenager breaks into the government's super-
secret WOPR computer by guessing the username and password of the scientist who created WOPR's
software. The teen researched information publicly available about the scientist, and guessed that the
man's password was the name of his young son -- Joshua. That familiar example illustrates exactly why
it is important not to use words or names that might be associated with a person as passwords. These
values can be guessed by an attacker.
Further, most of us are aware that we shouldn't use passwords that are too short (because all character
combinations can be easily tried) or write passwords on a sticky note and put the note under the
keyboard. But beyond this basic understanding, can we quantify what makes a password difficult to
guess when a computer is used as the guessing engine? It turns out that the (sometimes non-intuitive)
answer depends on the particular method used to protect the sensitive information.
In this module we will explore how and why we strive to protect passwords on the following two levels:
• The password files should be protected from reading or theft.
• It should be computationally infeasible (ideally) for an attacker to guess the password values even
given the password files. If an attacker does manage to obtain a copy of a password file, we do not want
him to be able to use the information contained therein to recover the password values.
We will see that the methods used to achieve password protection differ between operating systems,
vary in effectiveness, and in some cases have undergone recent evolution. This module will explore

common password strategies in use today, how these schemes are attacked, and how administrators can
maximize the strength of the password scheme they employ.
3 - 2
Password Assessment and Management - SANS
©2001
2
Agenda
• What password cracking is
• Why it is important
• Methods of password cracking
• Password cracking in Unix - Crack
• Password cracking in Windows - LC3
(L0phtCrack)
• Password cracking with John the Ripper
Typically OS file permission schemes are employed to ensure that only privileged users (if any) can
access password file information. However, attacks exist to circumvent file access restrictions and an
attacker may be able to read or obtain a copy of the file. Further, an attacker may have already
gained sufficient privileges to read the file and wants to harvest other username/password
combinations to try on neighboring systems. Because it is possible for an attacker to get a copy of
the password file, our discussion today will focus most strongly on the process of "cracking"
passwords.
"Cracking" is the process of attempting to "guess" passwords given password file information. We
will start with a discussion of what password cracking is, why it is important, and methods of
password cracking. We will then move on to Unix password cracking and concentrate on Crack.
Then we will jump to the Microsoft side of the house and cover L0phtCrack (the newest version is
called LC3). For both packages we will cover how to install and run the program, how to view the
results, how to protect against password cracking, and features of a strong password.
At the end of the module we will explore a more recent addition to the cracking toolbox called "John
the Ripper". "John" is important due to the tool's speed advantages and ability to crack passwords
encoded with a wide range of encryption algorithms. We will see how Crack, LC3, and John evolved

to meet the increased cracking challenges posed by recent upgrades to the Unix and Windows
password protection mechanisms.
3 - 3
Password Assessment and Management - SANS
©2001
3
Why Are Passwords So
Important?
• First line of defense
• Control access
• Get additional access
• Create back door for future access
Let's back up for a moment and think about why passwords are so important. Passwords are often the
first line of defense against interactive attacks on a system. Since it is fairly easy for someone to
figure out a user ID, the only thing protecting the system is a user’s password. If an attacker can
gather no helpful information to aid in the attack (such as password file contents or sniffed network
traffic) he must resort to either creative or "brute force" password guessing.
If an attacker can at least read the password file or obtain a copy, his chances of successfully
obtaining an actual password increase significantly. Even if the attacker only obtains a lowly user-
level password, it is fair to assume that he will log on to the target system as the user and then break
into "root" via an operating system hole.
Consider this brief example. Most companies have dial-up access for remote access to their network.
Unfortunately in most companies, the dial-up modems reside behind the firewall, which means once
you are authenticated by the remote access server, you have access to the network. In this case, if
someone has a weak password, an attacker can use a war dialer to find the remote access number,
dial-up the number, guess a weak password, and within a matter of minutes, an attacker has just
gained full access to the network.
3 - 4
Password Assessment and Management - SANS
©2001

4
How Are Passwords Stored?
• User passwords must be protected
against:
– unauthorized disclosure
– unauthorized modification
– unauthorized removal
• Solution: Store only the encrypted
password
In many companies, passwords are more than the first line of defense -- they are the only line of
defense protecting internal information and servers. Since most user IDs consist of the first
initial/last name of an employee (or some combination), it is fairly easy to discover valid user IDs for
individuals at a company. Then, the only other piece of information needed to gain access is a user
password. Therefore passwords need to be protected and very hard to guess.
The key things passwords need to be protected against are unauthorized disclosure, unauthorized
modification, and unauthorized removal. If users write down their passwords or share them with
other people, then it is likely that a malicious party could obtain the password. An attacker able to
modify a password is just as problematic, because he could set the password to a particular value
without needing to know what the original password was. Note that changing the password is
potentially risky for the attacker however, because if the user tries to log in and cannot, foul play
may be suspected.
In order to protect passwords, operating systems use encryption, which basically hides the original
content so if someone gets the encrypted password they will not be able to determine what the
original password was.
3 - 5
Password Assessment and Management - SANS
©2001
5
Encryption 101
• Encryption is the process of converting

plaintext into ciphertext.
• The goal is to make the original text
unreadable.
• Three basic methods:
– symmetric - single key
– asymmetric - two keys (public and private)
– hash – one-way algorithm, no key
This section will cover a brief overview of encryption so that you can understand why and how
password cracking works. For additional details, there are two additional modules in this training
course that cover encryption in-depth.
In its most basic form, cryptography is the process of converting plaintext into ciphertext, with the
goal of making the original text unreadable. Basically, plaintext is the original, human-readable
message and ciphertext is the unreadable message in its encrypted form.
Therefore, since the goal of passwords is to make them unreadable, they are stored in encrypted form.
There are three basic types of encryption. Symmetric encryption uses a single key to encrypt and
decrypt the message. Symmetric encryption is also known as secret key encryption because a single,
secret key is used for encryption and decryption. If two people wanted to communicate, they would
both have to have the same key. One person would use the key to encrypt the message, and the other
person would use the same key to decrypt it. The security of the scheme relies on the fact that an
attacker does not know the secret key.
Asymmetric encryption uses two keys, a public and a private key. Asymmetric encryption is also
known as public key cryptography because it uses both a private key and a public key to encrypt and
decrypt information. The public key is given to everyone while the private key is only known by the
owner. These keys form an "encryption-decryption pair" -- anything encrypted with the public key can
be decrypted with the private key, and anything encrypted with the private key can be decrypted with
the public key.
Note that symmetric and asymmetric encryption mechanisms provide both for translating text into
ciphertext, and for recovering the original text from the ciphertext. Hash functions are a little bit
different. Hash algorithms are considered "one-way" functions because they perform a one-way
transformation of information that is irreversible. Basically, given an input string, the hash function

produces a fixed-length encrypted output string, and from the output string there is no way to recover
the original input string.
3 - 6
Password Assessment and Management - SANS
©2001
6
What Is Password Cracking?
Discovering a plain text password given an encrypted password.
Encryption
Algorithm
clear-text
password
(unknown)
encrypted
password
(known)
Encryption
Algorithm
guesses for
clear-text
passwords
guesses for encrypted
passwords
MATCH
Computers use hashing algorithms to encrypt passwords for storage. This means that someone who
recovers a password file cannot use the hashed values to reverse the one-way encryption function
and recover the original passwords. But how does the computer use the encrypted information then
to authenticate users?
The technique is simple. Even though hashing functions cannot be reversed, they always produce the
same output given the same input. Thus, the computer stores only the hashed passwords (rather than

original passwords) on disk. When a user attempts to authenticate, the computer applies the hash
algorithm to the password the user has supplied for authentication. If the hash of the user-supplied
password matches the hash stored on disk, the user is successfully authenticated.
Password cracking is the process of trying to guess or determine someone’s plaintext password,
given only their encrypted password. The process does not actually "crack" the encryption, but rather
mimics the actions that would be taken if a user tried several passwords until they guessed the right
one. Each "guess" is hashed and compared to the stored value. When a match is found, the user is
authenticated. "Cracking" is the process of using a computer to generate many "guesses" and quickly
try them all against the hashed password value until a match is found. The cracking operation is
performed "offline", against a recovered password file.
The general method for cracking is the following:
•Find a valid user ID
•Find the encryption algorithm used
•Obtain the encrypted password
•Create a list of possible passwords
•Encrypt each password
•See if there is a match
One tip for speeding up the process is to pre-compute the encrypted versions of all possible clear-text
passwords. At that point the entire process reduces to comparing the encrypted password of interest
with all values on the pre-computed list. When a matching encrypted value is found, we extract the
clear-text password corresponding to the encrypted match to find the answer.
3 - 7
Password Assessment and Management - SANS
©2001
7
Methods of Password Cracking
• Dictionary attack
• Hybrid attack
• Brute force attack
There are three general methods for cracking passwords. The main difference between the

alternatives is the speed of performing the crack vs. the complexity of passwords that can be cracked.
For example, one method that is extremely quick will only crack passwords with a low complexity
such as passwords that contain only alpha characters. More complex passwords might contain alpha
characters, numbers, and special characters, but will take longer to crack.
The fastest method for cracking passwords is a dictionary attack. This is done by testing all the
words in a dictionary or word file against the password hashes. When it finds the correct password,
it displays the result. There are lots of sites that have downloadable dictionaries you can use. These
attacks are quite effective because people tend to choose dictionary words for passwords.
The second method to crack passwords is called a hybrid attack. This attack builds upon the
dictionary method by adding numeric and symbol characters to dictionary words. Many users
choose passwords such as "bogus11" or ”he11o!!” (where the letter L’s are replaced by numeric
ones). These passwords are just dictionary words slightly modified with additional numbers and
symbols. The hybrid attack rapidly computes these passwords. These are the types of passwords
that will pass through many password filters and policies, yet still are easily crackable. Several tools
have configurable rulesets that allow the attacker to specify the combinations and permutations of
dictionary words that should be tried.
The final and most powerful cracking method is the brute force method. This method will always
recover the password no matter how complex. It is just a matter of time. Really complex passwords
that use characters that are not directly available on the keyboard may take so much time that it is not
feasible to crack them on a single machine using today's hardware. But most complex passwords can
be cracked in a matter of days. This is usually much shorter than the time most administrators set
their password policy expiration time to. Using a real-world cracking tool is the only good way to
know what time one should set for password expirations.
3 - 8
Password Assessment and Management - SANS
©2001
8
Why Is Password Cracking
Useful?
• Auditing strength of passwords

• Recovering a forgotten password
• Recovering an unknown password
• Migrating users
• Checks and balances
There are many reasons for computing users’ passwords. First and foremost is for a system administrator
to audit the strength of the passwords that their users are using. There are password filters for Unix, but
how do you know how well you have chosen a filter? Without testing the passwords generated by users
against a real-world password cracker, you are guessing at the time it will take an external attacker or
malicious insider to uncover the passwords. Other uses include recovering a forgotten password,
retrieving the password of a user in order to impersonate them, or migrating Windows NT users to another
platform such as Unix.
Migrating users from one platform to another is included for completeness, but is not recommend. In
every case where I saw companies attempt to do this, it never worked and always resulted in a security
violation. An example of this would be a company that currently has 2 NT domains and they want to
migrate to a single domain. Instead of moving half of the accounts to one domain, giving those users a
new temporary password that is the same for all users, and have all users logon and change their password,
a company might want to make this process transparent to them. One way to do this is to crack all of the
passwords on one domain and then manually enter the new account with the old password for each user on
the new system. This way when the users come in, they can logon with their old password and not even
know that their account has been migrated. The negative side is several users besides the end user now
know the user’s password. As you can imagine, this could lead to a lot of potential problems.
Some could also argue that cracking user’s passwords also results in a potential security violation, because
once the password is cracked others will know that user’s password. As we all know this is not an issue
because everyone trusts security. ☺ (Sorry, there I go with geek humor again.) Since this is a concern,
password cracking can be used for checks and balances, where strong passwords are never cracked. For
example, if the password policy for a particular company says all passwords must contain alpha
characters, numbers, and special characters, then a customized cracking scheme can be developed. We
can use our password cracker to crack passwords that only contain alpha characters, or numbers, or special
characters, or alpha characters and numbers, or alpha characters and special characters, or numbers and
special characters. In this case if the password adheres to the policy, which means it contains alpha

characters, numbers, and special characters, then it will not be cracked. Only passwords that do not follow
the policy will be cracked and seen by the administrator. Users with cracked passwords would be
instructed to change their passwords immediately and the administrator never sees the new values.
3 - 9
Password Assessment and Management - SANS
©2001
9
Unix Password Cracking - Crack
• Name: Crack
• Operating System: Unix
• Brief Description: Crack is a "password
guessing" program that is designed to
quickly identify accounts having weak
passwords given a Unix password file.
Crack is a freely available program designed to break Unix encrypted passwords by standard
guessing techniques. Crack was originally developed for passwords encrypted using the DES-based
crypt() function that is typically included in the Unix standard C libraries. Over time, Crack evolved
to support crypt() versions that use non-DES hash algorithms (such as MD5), and to use alternate
DES implementations on OS installations where the crypt() function is not available.
The Crack program is written to be flexible, configurable and fast, and can make use of several
networked hosts via the Berkeley rsh program (or similar), where possible.
Note: According to Crack's author Alec Muffet, of all the possible encryption implementations that
Crack can use, the program usually runs fastest with Eric Young's "libdes". This fact will become
more interesting when we discuss John the Ripper.
Note: Each of the password cracking programs we will discuss operates by checking the users'
passwords against "guessable" values. The method is illustrated in the previous slide. The program
works by encrypting a list of likely passwords and seeing if the result matches any of the encrypted
passwords contained in the password file. The tools are surprisingly effective and easy to use.
3 - 10
Password Assessment and Management - SANS

©2001
10
Crack
• Available from
/>•Features
– Configurable password cracking
– Modular approach with various scripts
– Combining and extracting password files
– Works with any crypt() implementation
Crack’s main function is to crack passwords on a Unix machine. There are some versions that have
been ported to other operating systems, but the original program works only on Unix. Crack also has
a modular approach where Crack is used only to crack user passwords. But what makes Crack so
useful is that it comes with various other scripts. For example, one script is used to view the results
of running Crack. Another script is used to combine password files. This is very useful because it
makes it very flexible and adaptable to be used in various environments.
One of the distinguishing strengths of Crack is the huge number of rules (over 2000) it uses to create
permutations of password guesses. Each time Crack is run it uses supplementary information from
the password file's comment fields to create a new wordlist (in addition to using the standard
dictionaries and permutations thereof). Often users will put information about themselves, such as
their full name, in the comment field and then use some permutation of this information as their
password. Crack takes advantage of the comment information to create a list of password guesses
specifically tailored for each user.
3 - 11
Password Assessment and Management - SANS
©2001
11
Crack Requirements
• Requirements
– Unix-like operating system
– C compiler

– Moderate amount of disk space
– Lots of CPU time
– PERMISSION FROM SYSADMIN
– Root-privileges, quite possibly
– "gzip" is extremely desirable
In order to run Crack, you need to be running a Unix operating system and using an encryption algorithm that
Crack supports. The traditional Unix standard is DES encryption, and this is what Crack is best at handling.
However, in recent years several operating systems have moved to alternate encryption algorithms such as
MD5 or Blowfish. Primary reasons for the change include: Avoiding problems with US export restrictions
concerning encryption products, allowing for passwords longer than the 8 characters permitted by DES, foiling
cracking programs by forcing them to spend more effort on each encryption performed (MD5 and Blowfish
are stronger algorithms than DES).
You can discover what encryption type your system is using by examining the encrypted password values
found in the password or shadow file. MD5 encrypted passwords are significantly longer than their DES-
encrypted cousins and always begin with a "$1". Similarly, Blowfish encrypted passwords always begin with a
"$2". If your system uses one of these alternate algorithms you would be better off using "John the Ripper"
(discussed later). Some background information can be found at these URLs:
/> /> />Crack is not compiled when you download it, so you must have a C compiler running on your system. It is
recommended that you use GNU C or gcc, since this has been tested with Crack already and it will make it
much easier to compile. Crack is "self-compiling" and builds the components it needs when executed.
Crack is fairly large and computationally intensive, just by nature of what the program does. So before you
install and run Crack, make sure you have enough resources to compile and run it. If other people are using
the Unix machine, please check with them prior to running Crack because it could cause some issues if they
are running critical applications. If you do not own the machine, always make sure you check with the
appropriate people prior to running it.
Also, depending on how your system is configured, you might need root access to configure, run, and get the
encrypted passwords. Since Crack is compressed, make sure you have gzip on your system so that you can
uncompress the Crack source code.
3 - 12
Password Assessment and Management - SANS

©2001
12
Configuring Crack
• Download Crack file
• Unzip the file using gzip
– gunzip -r crack5.0.tar.Z
• Untar the file
– tar -xvf crack5.0.tar
• Read manual.txt
• Edit the script file
• Compile program
– crack -makeonly
– crack -makedict
Once you download Crack, there are several steps that must be performed prior to running it. This is because you
do not download an executable like you do with Windows; you download the source files which need to be
compiled and configured in order to run the program.
After you successfully download Crack, unzip and untar the file crack5.0.tar.gz with the command tar -xzvf
crack5.0.tar.gz. A directory called c50a is generated with subdirectories holding configuration files,
documents, scripts, source codes, etc. Text files like Makefile, Reporter, and Crack are also generated. A
manual.txt file is there too (which is the same as the README file).
Next, READ the manual.txt file. This is just to give you an overview and more detailed information of how to use
the program. These slides will give you enough information to get Crack up and running on supported systems.
Then, edit the Crack script file and reconfigure the values of CRACK_PATH, C5FLAGS, CC, CFLAGS, and
LIBS to suit the operating system.
If you are running a supported operating system like Solaris, you do not need to make any changes to the script
files. You would only need to do that if you are running it on a version of Unix that has not been tested or are
using a different encryption algorithm. It is recommended that you look at these files, but you could also just try
compiling with the standard scripts to see what happens.
Finally, issue the commands Crack -makeonly and then Crack -makedict. After these two steps, a
binary executable Crack file is generated. You should view the output of these commands to make sure no errors

were generated. If errors were generated, you will have to go back and configure the Crack script files for your
specific environment. If no errors are generated, you are ready to start using Crack.
3 - 13
Password Assessment and Management - SANS
©2001
13
Running Crack
• Run Crack with a password file
– Crack [options] [-fmt format]
[file ...]
– Crack myfile
• Pipe output to a file
– Crack myfile > output
• Run Reporter script to see results
– ./Reporter [-quiet] [-html]
To run Crack, run the Crack file using any password file that you have. The simplest syntax of Crack is Crack
followed by the path and name of the passwd file. If you want to run it against the password file on your current
machine and the system is not using shadow password files, just type Crack /etc/passwd. (If you know
your system uses shadow password files, or are not sure if it does, consult slides 22 and 23 for help.)
While the Crack program is running, it keeps on displaying messages on the screen indicating the status of the
program. This information can be captured by redirecting the output of Crack to a file, say >output. In order to
make sure Crack is running properly, create an account “eric” with a password of “eric” to make sure Crack
catches it.
There is a switch in Crack, which is –mail, which will email a warning message to anyone whose password is
cracked. Sending mail to a cracked user actually may not be a good idea, because if the user keeps their mailbox
readable by everyone (accidentally), everyone will know he/she has a weak password and his/her account may be
hacked in! It is also interesting to note that under the c50a directory, there is a directory called dict. This is a
dictionary directory that stores common passwords in files ending with .dwg extensions. These passwords are
arranged in categories like sports, cis, etc. You can view and even modify these files with an editor. If you are
going to edit these files, be extremely careful because you could cause Crack to stop working since these are the

files it uses to crack passwords.
To check results of the Crack program, run the Reporter script. This script outputs the results of which passwords
were cracked. This can also be piped to a file. If you used an earlier version of Crack, it no longer generates
human-readable output directly; instead, to see the results of a Crack run, the user should do: ./Reporter [-
quiet] [-html]
Guesses are listed chronologically, so users who wish to see incremental changes in the output as Crack continues
to run over a course of days or weeks, are encouraged to wrap invocations of "Reporter" in a script with "diff".
The -quiet option suppresses the reporting of errors in the password file (corrupt entries, etc), while -html
produces output in a fairly basic HTML-readable format.
3 - 14
Password Assessment and Management - SANS
©2001
14
Crack Options
• -debug
• -recover
• -fgnd
• -fmt format
• -from
N
• -keep
• -mail
• -network
• -nice N
• -makeonly
• -makedict
• -kill
filename
• -remote
The following are the options available with Crack and a brief explanation of each. Crack automatically

decides what encryption algorithm to use by searching the host file system for shared libraries and
using whatever can be found.
-debug: Lets you see what the Crack script is doing.
-recover: Used when restarting an abnormally-terminated run; suppresses the rebuild of the
gecos-derived dictionaries. (Editor’s note: The password field that contains the user’s full name
is sometimes called the ‘gecos’ field because the early Unix machines at Bell Labs used this field
to store information needed to submit batch jobs to a mainframe running the GECOS operating
system. ‘Gecos-derived dictionaries’ are dictionaries of possible passwords generated based on
the user’s full name, or variations on the user’s full name. – JK)
-fgnd: Runs the password cracker in the foreground, with stdin, stdout, and stderr attached to
the usual places.
-fmt: Format, specifies the input file format.
-from N: Starts password cracking from rule number “N.”
-keep: Prevents deletion of the temporary file used to store the password cracker's input.
-mail: Email a warning message to anyone whose password is cracked. See
"scripts/nastygram."
-network: Runs the password cracker in "network" mode.
-nice N: Runs the password cracker at a reduced priority, so that other jobs can take priority
over the CPU.
-makeonly and -makedict: Used for building Crack binaries and dictionaries.
-kill filename:
-remote: Internal options used to support networking.
3 - 15
Password Assessment and Management - SANS
©2001
15
Original Passwords
• User Eric password eric
• User John password john1234
• User Mike password 5369421

• User Mary password #57adm7#
• User Sue password sue
• User Lucy password 12345
• User Pat no password
• User Tim password password
• User Cathy password 55555
• User Frank password abcde
• User Tom password mnopqr
• User Karen password bbbbbbbb
To show you how effective Crack is at cracking passwords, this is a sample password file that was
used and the corresponding passwords.
3 - 16
Password Assessment and Management - SANS
©2001
16
Results From Crack
Output From Reporter
• ---- passwords cracked as of Tue Aug 17 10:41:00 EDT 1999 ---
• 0:Guessed pat [<no-ciphertext>] [npasswd /bin/sh]
• 934899050:Guessed eric [eric] [npasswd /bin/sh]
• 934899050:Guessed lucy [12345] [npasswd /bin/sh]
• 934899050:Guessed sue [sue] [npasswd /bin/sh]
• 934899259:Guessed tim [password] [npasswd /bin/sh]
• 934899274:Guessed frank [abcde] [npasswd /bin/sh]
• 934899304:Guessed karen [bbbbbbbb] [npasswd /bin/sh]
• 934899342:Guessed cathy [55555] [npasswd /bin/sh]
• -----done--------
Basically by typing ./Reporter, the above results are displayed to the user to show you which
passwords were cracked.
3 - 17

Password Assessment and Management - SANS
©2001
17
Effectiveness of Crack
• User Eric password eric - CRACKED
• User John password john1234
• User Mike password 5369421
• User Mary password #57adm7#
• User Sue password sue - CRACKED
• User Lucy password 12345 - CRACKED
• User Pat no password - CRACKED
• User Tim password password - CRACKED
• User Cathy password 55555 - CRACKED
• User Frank password abcde - CRACKED
• User Tom password mnopqr
• User Karen password bbbbbbbb - CRACKED
As you can see, Crack guessed eight of the passwords. All of the passwords that were guessed were
either simple words, repetitive characters, or a string of characters or numbers. What is interesting is
that abcde was cracked but mnopqr was not. Both are strings, but one started in the beginning of the
alphabet and the other started in the middle. Also john1234 was not cracked, which is a simple
combination of two strings.
This is not a negative aspect of Crack, but it is just important to understand the limitations of a
program whenever you use it. So, just because Crack didn’t guess a password does not mean that an
attacker might not.
Also, it is important to note that these results are based on the standard configuration of Crack.
Crack can be configured to guess additional passwords.
One key aspect of password crackers that use dictionary attacks is how good a dictionary they use.
There are several sites on the internet that contain dictionaries and you can also create your own.
Depending on where your company is located there are also dictionaries that contain foreign words.
3 - 18

Password Assessment and Management - SANS
©2001
18
How To Protect Against It
• Enforce a strong password policy
• Use shadow passwords
• Use one-time passwords
• Use passwd to enforce strong
passwords
There is no one set way to protect your site from someone guessing your passwords, but there are
steps you can take to minimize the chances.
A key to protecting passwords is a strong password. By having a strong password, you can make it
very difficult for someone to crack. Also, by using shadow password files you can restrict access to
the encrypted passwords. One-time passwords are also effective because they change each time the
user logs in. There is also a program for Unix called passwd which will perform basic checks when
a user changes their password to make sure it is not an easy-to-guess password.
3 - 19
Password Assessment and Management - SANS
©2001
19
Enforce a Strong Password Policy
• Mandatory for all accounts
– Passwords change every 60 days
– Accounts locked after 3 failed
attempts
– All passwords must contain one
alpha, one number, and one special
character
– Can’t re-use previous 5 passwords
A password policy is critical for a secure system. A few general guidelines are given in the slide

above. Additional suggestions for users, taken from the "passwd" man page, are below and on the
next notes page.
Protect your password:
Don't write your password down anywhere or place it in an unencrypted file. Memorize it.
Use unrelated passwords for systems controlled by different organizations.
Don't give or share your password, in particular to someone claiming to be from computer support or
a vendor.
Don't let anyone watch you enter your password.
Don't enter your password on a computer you don't trust.
Use the password for a limited time and change it periodically.
Choose a hard to guess password (the "don'ts"):
Don't use something you'd find in a dictionary (in any language or jargon).
Don't use a name (including that of a spouse, parent, child, pet, fantasy character, famous person, and
location).
Don't use any variation of your personal or accout name.
Don't use accessible information about you (such as phone number, license plate, or Social Security
number) or your environment.
Don't use a birthday.
Don't use a simple pattern (such as backwards, followed by a digit, or preceded by a digit).
3 - 20
Password Assessment and Management - SANS
©2001
20
Enforce a Strong Password Policy
(continued)
• Password should not contain:
– birthdays, names, sports teams, etc.
• Tips for picking good passwords
– pick a phrase and use the first letter of
each word

– example - When I stub my toe I say
!@#$% 5 times
– password - WIsmtIs!@#$%5t
Choose a hard to guess password (the "do's"):
Use a mixture of upper and lower case letters as well as digits or punctuation.
When choosing a new password, make sure that it is unrelated to any previous password.
Use long passwords (e.g. at least 8 characters long).
Examples: A word pair with punctuation inserted, a passphrase (an understandable sequence of
words), or the first letter of each word in a passphrase.
In order to prevent easily guessable passwords, a password should never contain birthdays, names,
sport teams, or special interests. Anything that can be viewed while sitting at your desk should also
never be used as a password. Attackers can easily target an individual. Anything that stands out as a
potential password, should never be used because it is to easy for someone to guess.
What I suggest is instead of picking words as passwords, users should be trained to pick a phrase. If
I told you that your new password was WIsmtIs!@#$%5t, you would probably think I was crazy.
Your response might be, “How in the world am I going to remember that password?” On the other
hand if I told you to remember the phrase, “When I stub my toe I say !@#$% 5 times,” you would
probably agree that it is fairly reasonable. The main emphasis of a password policy should not only
be to tell the user what is expected of them, but help them generate strong passwords that are fairly
easy to remember.
3 - 21
Password Assessment and Management - SANS
©2001
21
Use Shadow Passwords
• Older versions store all information in
/etc/passwd, which has read access.
– Everyone can see encrypted passwords
• With shadow password files, encrypted
passwords are stored in a separate file,

which does not have general read
permissions.
Older versions of Unix store all user IDs and encrypted passwords in the same file
(/etc/passwd), which anyone could read. This causes a problem because anyone that gains
access to the system can copy the encrypted passwords and crack them off-line. This also made it
very easy for any user of the system to use Crack and get passwords of anyone else that had a weak
password.
To overcome this weakness, newer versions of Unix store the user IDs in the /etc/passwd file,
but store the encrypted passwords in the /etc/shadow file, which has restricted read access.
3 - 22
Password Assessment and Management - SANS
©2001
22
Shadow Password Files
• User ids stored in /etc/passwd
• Passwords stored in /etc/shadow
– reduces effectiveness of password
cracking
– Trojan logins not as effective
– available on most versions of Unix
Because the encrypted passwords are more protected now, if you want to run Crack you have to get
access to the /etc/shadow file, which usually means you have to have root access. So, just using
a shadow file greatly restricts who can run Crack and try to guess passwords on your system.
Also, if your version of Unix does not support shadow files, you can either upgrade to the latest
version, or most vendors have patches that let you use shadow files with older versions of Unix. For
additional information see the vendor’s website for the flavor of Unix you are running.
3 - 23
Password Assessment and Management - SANS
©2001
23

Using Crack with Shadow
Password Files
• Must have root access to read
/etc/shadow
• Crack cannot read shadow file
• Must merge shadow and passwd file
together
• Use following scripts:
• shadmrg.aix
• shadmrg.sv
Crack can still be run even if you are using shadow files, it just greatly restricts who can run it since
you need root access to read the file. Even if you can read the shadow file, Crack cannot read it
directly. Therefore you must run the shadmrg script to merge the /etc/passwd and the
/etc/shadow files together so Crack can read it correctly. Basically, the shadmrg script creates
the older version of the /etc/passwd file that contains both the user ID and encrypted password.
The shadmrg script takes no arguments and must be edited to point to the correct location of the
passwd and shadow files (it assumes /etc/passwd and /etc/shadow by default).
3 - 24
Password Assessment and Management - SANS
©2001
24
Use One-time Passwords
• Each time the user logs on they use a
different password
• Password is only good for one session
• Example
– smart cards
– challenge/response
–SKEY
• Biometrics

One-time passwords are very effective against password guessing because the passwords change each time
the user logs in, so there is really no password to guess.
If you want to overcome the password guessing problem, then the ideal way is to use one-time passwords.
The drawbacks are implementation costs and complexities, and ongoing operating costs.
Basically, the most common form of one-time passwords is a smart card. This is a device that the user must
carry around with them whenever they want to log on to the system. Basically, the device is triggered off of
time, so every minute the password changes. When the user wants to log on they read the current password
off of the device’s display and type it in as the password.
Instead of time, some devices could also use what is known as challenge/response. The user presents their
user ID to the system and the system responds with a challenge. The user then types the challenge into the
device and the device displays a response, which the user then types in as the password.
Another form, which is less expensive, is software-based one-time passwords. A common implementation of
this is called SKEY. SKEY uses one-time passwords that are pre-computed when the system is setup. So,
each user gets a pre-computed list of passwords and they would use a different password each time they log
on.
There are strengths and weaknesses to each of the above approaches, but a detailed discussion is beyond the
scope of this presentation. They were briefly covered here to better understand some of the options that are
available to protect against password guessing.
3 - 25
Password Assessment and Management - SANS
©2001
25
Use passwd+
• Passwd+ makes several checks
– user must enter password twice
– minimum length password
– password must be a mixture of letters,
numbers, and special characters
– password is not the user’s name
– new password differs from previous

password
Passwd checks the user’s password whenever they change or select a new password. Passwd makes
several checks, including the following:
• user must enter password twice.
• verifies the password is a minimum length.
• verifies password must be a mixture of letters, numbers, and special characters.
• verifies password is not the user’s name.
• verifies new password differs from previous password.