Systems

UNIX does a good job of protecting its processes and files. However, in general, it does not provide much protection from crackers, people who attempt unauthorized entry into a computer or account. The user's only defense against crackers is his password. Here I explain how UNIX authenticates and tracks users and their processes and how crackers attempt to subvert this through password guessing. I also suggest methods for choosing passwords which are easy to remember yet resistant to cracking.

UNIX is inherently a multi-user operating system, distinguishing and separating users and their processes. Every process is assigned a user as its owner.

Generally this ownership is inherited from the process's parent, although the kernel can arbitrarily change it. It is through ownership that the kernel tracks users and verifies their authority to alter other processes or to access files. During the login procedure a system daemon reads the user's name and password and, if they are legitimate, changes its ownership to that user. It then makes a child shell process to handle the session and inheritance proceeds normally. The login daemon verifies the user's legitimacy solely through the given user name and password. This implies that a cracker who can guess these will be indistinguishable from the real user, as far as the system is concerned.

Under UNIX, passwords themselves are not stored on the computer. Instead, encrypted versions are computed whenever the user's password is changed, and stored, along with the user's account name and real name, in the password file. Passwords are sometimes called plaintext and their encrypted version ciphertext. The login daemon verifies the plaintext by encrypting it with the standard UNIX crypt(3) function and comparing the resulting ciphertext with that in the password file. If these match, the login continues. Otherwise the user is refused entry. Crypt was designed as a one-way function; to date there is no publicly known way to calculate the plaintext from the ciphertext. It was also designed to be slow in order to protect against automated guessing. In addition, to protect against crackers' attempts to generate and store the ciphertext of many passwords for later use, each password can be encrypted 4096 different ways. This greatly increases the storage requirements and hampers the distribution of such ciphertext dictionaries. A short string called a salt indicates which way a given password was encrypted. This is stored along with the ciphertext.

Assume that a cracker has a copy of the password file for a target network. This is trivial if he has access to the network, otherwise he may be able to obtain it through techniques beyond the scope of this article. He generates guesses, encrypts them with the appropriate salt using a fast version of crypt (the algorithm is widely known) and compares the ciphertext with the password files. If they match, he knows the password, if not, he continues with the next guess. There are two common ways to generate guesses: the brute force and dictionary methods. Brute force attempts to try all possible passwords. These have at most 8 characters, each having more than 60 variations: the alphabet, both upper and lower case, numbers and special keyboard characters. This yields about 608 or 2 X 1014 combinations. With a fast version of crypt my workstation will encrypt about 5000 passwords per second. Thus it would take at least 1000 years to complete a brute force attack against one user. Clearly this approach is infeasible. The dictionary method, also called key search, is much more selective. It generates guesses from dictionary words and strings derived from them using various algorithms or rules. To illustrate, consider the publicly available program Crack, written by Alec Muffett, which implements a key search attack. It comes with about 60 dictionaries totaling about 1.5 million words. These cover a broad range, from scientific terms to the names of cartoon characters, from science fiction stories to Shakespeare, from the King James Bible to the Koran, from Italian to the Pinyin and Wade-Giles romanization of Chinese, from computer jargon to common bad passwords. Even so, on my workstation, Crack can check all these against one password in about 5 minutes. But it doesn't stop there. It then applies its rules to these words to generate new guesses. These rules typically perform substitutions, for example by changing all occurrence of 'i' toT, 'a' to '2', 'e' to '3', 's' to '$' and so on. Thus 'v3r1t2$' would be generated from 'veritas', a dictionary word. As well as substitutions there are rules for appending, reversing, capitalizing, pluralizing, truncating and many more. Crack also allows external UNIX programs to generate rules, greatly increasing it sophistication. If all of Crack's approximately 500 included rules were applied to all of its dictionaries, the new guesses could be checked in less than two days. As not all rules apply to every word this will take less time in practice. Because Crack tries to find the easiest passwords in the system, it applies the simplest rules first and checks all users, then continues with progressively more complex rules. In addition to its dictionaries and rules, Crack builds a special dictionary for each user, using permutations of his real and account name.

How well does Crack work? Very well. Typical examples of passwords it will guess in short order include: 'M2rk12n3', derived from Mark Lane; 'grape1', derived from a dictionary word with a numeric suffix; '3baggin$', derived from 'baggins', the name of a Hobbit in Lord of the Rings by J.R.R. Tolkien, with a prefix and substitution. Multiple digit suffixes such as 'jan25', 'Burns59' or 'markI321' would not be caught with the included rules, but a Simple external program would find them. The worst passwords are simple dictionary words or those based on the user's name; 'energize', 'password' and 'lanemark' would be cracked in minutes, if not seconds.

We know that modifying dictionary words tends to generate bad passwords. How can one choose a good password: easy to remember, quick to type and hard to guess? Two techniques I recommend are combined words and personal acronyms. Combining two random words roughly squares the number of possibilities. Even allowing for truncation and duplication, this will increase search times by several orders of magnitude. If a special character is interposed, so much the better. Examples might include 'amberBee', 'fasT'nod' or 'decoNcpu'. Adding upper case in random locations helps. Be careful that these do not result in words such as 'skipjack', 'playroom' or 'Pavetack' (used in the U.S. Air Force) which are themselves in a dictionary. To make an acronym, try thinking of special characters as representing objects or thoughts, then develop a phrase with personal meaning. For example, "The dry river had tumbleweeds rolling around" would lead to 'tdrh*sra'. If you like sports cars you might try something like "Toyota MR-2 beats Mustangs" leading to "Trnr>Mus". With a little practice it will become easy, even fun, to invent new passwords. Use at least 6 characters as shorter words are susceptible to brute force attack.

I've assumed that a cracker has the password file and a computer. Suppose the same cracker had no a-priori information and wants to break into a network connected through a modem to the telephone system. Assuming he knew the telephone number, it would take approximately 30 seconds to try each guess: dialing, guessing, hanging up, and redialing. This would increase the previously calculated times by a factor of about 150,000. It would be very difficult to break a reasonable password this way. Crackers attacking through an Internet connection is an interesting subject but well beyond the scope of this article.

Should you care if your password is easy to guess? That is ultimately an issue for management to decide in the global context of security, backups and disaster recovery. However, it is likely that your system administrator will at some time install a password changing program which forces you to pick a 'reasonable' password. When that happens the information given here may prove valuable. As for myself, I go by the old truism "Just because you are paranoid doesn't mean they aren't out to get you."