Dictionary attack on Linux passwd/shadow authentication scheme
1. /etc/shadow
On a Linux system, user information is stored in /etc/passwd. This file is world-readable (readable by any user of the computer system, even nobody), so it is not a good idea to keep user passwords in it, even encrypted passwords.
The need to store (encrypted) passwords is what introduces the shadow file, /etc/shadow. It contains the password, which has been encrypted with the salt; the salt is also stored in the shadow file.
The contents of the shadow file could look as follows:
luana:$1$TaORQ38u$Mfaih1b244CcesjU7Sj2T1:13975:0:99999:7:::
Here, luana is the username.
$1$ indicates that a salt (TaORQ38u) is in use and that md5sum is being used to encrypt the key. The next $ signifies the beginning of the encrypted password (Mfaih1b244CcesjU7Sj2T1), which ends before the following :
2. Salt
A salt is a string, publicly available (if you can see the encrypted passwords you can see the salt), used to help with the password encryption process. Since encryption is an onto function (or a surjection - see http://mathworld.wolfram.com/Surjection.html), two identical words will encrypt to the same ciphertext. This means that on a system with a very large number of users there is a chance that more than one user will pick the same very bad password (like “password” etc.), and it will show up as two identical ciphertexts in the shadow file.
The salt is mostly unique to each user. It is often the encryption of the time the user was added to the system (thus relatively unique for each user). This salt is mixed with the user's password before the encryption starts. This means that for any given two users it is extremely unlikely that they were BOTH added to the system at the same time and use the same password.
Simply put, salts allow the system to let users use the same password without having two identical encrypted passwords in its password file.
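An added example (not code from the original post): a small C++ audit that splits shadow lines like the luana entry in section 1 into scheme id, salt and hash, and lists any salt shared by more than one user, the situation this section says salts are meant to avoid. It goes slightly beyond the page's $1$ example by also accepting the "$id$rounds=N$salt$hash" form used by SHA-based crypt schemes; the alice and bob lines, the SAMESALT value and all function names are constructed for illustration.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

struct ShadowEntry { std::string user, scheme, salt, hash; };
using Groups = std::map<std::string, std::vector<std::string>>;

// Split on one delimiter, keeping empty fields (a shadow line ends in ":::").
static std::vector<std::string> split(const std::string &s, char d) {
    std::vector<std::string> out(1);
    for (char c : s)
        if (c == d) out.emplace_back();
        else out.back() += c;
    return out;
}

// Accepts "$id$salt$hash" or "$id$rounds=N$salt$hash"; rejects locked or empty fields.
bool parse_shadow_line(const std::string &line, ShadowEntry &e) {
    std::vector<std::string> f = split(line, ':');
    if (f.size() != 9 || f[0].empty()) return false;
    std::vector<std::string> p = split(f[1], '$');
    bool rounds = p.size() == 5 && p[2].compare(0, 7, "rounds=") == 0;
    if (!(p.size() == 4 || rounds) || !p[0].empty()) return false;
    if (p[1].empty() || p.back().empty()) return false;
    e = ShadowEntry{f[0], p[1], p[rounds ? 3 : 2], p.back()};
    return true;
}

// Users grouped by "id$salt"; only salts used by more than one user are kept.
Groups shared_salts(const std::vector<std::string> &lines) {
    Groups groups, shared;
    for (const std::string &line : lines) {
        ShadowEntry e;
        if (parse_shadow_line(line, e)) groups[e.scheme + "$" + e.salt].push_back(e.user);
    }
    for (const auto &g : groups)
        if (g.second.size() > 1) shared.insert(g);
    return shared;
}

int main() {
    std::vector<std::string> lines = {  // page's example, then constructed placeholders
        "luana:$1$TaORQ38u$Mfaih1b244CcesjU7Sj2T1:13975:0:99999:7:::",
        "alice:$1$SAMESALT$PLACEHOLDERHASHAAAAAAA:13975:0:99999:7:::",
        "bob:$1$SAMESALT$PLACEHOLDERHASHBBBBBBB:13975:0:99999:7:::"};
    for (const auto &g : shared_salts(lines))
        std::cout << "salt " << g.first << " shared by " << g.second.size() << " users\n";
}
```

Within a group that shares a salt, two equal hash fields mean the two users chose the same password.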
3. Note about writing programs on Linux that use crypt()
crypt is standard to most C/C++ compilers on Linux systems. This means you don’t even have to do #include <> in your program to use these functions. If your toolchain does not declare it implicitly, #include <crypt.h> provides the declaration.
Example program:
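#include <crypt.h>    // declares crypt(); included explicitly so the build does not rely on another header pulling it in
#include <iostream>

int main()
{
    // "$1$" selects the MD5 scheme and TMVRB39B is the salt
    const char *hash = crypt("kccL;pw_d:", "$1$TMVRB39B");
    if (!hash) return 1;    // crypt() returns a null pointer on failure
    std::cout << hash << std::endl;
    return 0;
}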
To compile it on a Linux system (with the GNU cryptography library installed) you would run:
[lubox@neo 3]$ g++ hw3.cpp -o o -lcrypt
Notice the -lcrypt option at the end. This tells the compiler that you are using the crypt function, so it links the program against the crypt library.
The above program when run will yield output:
$1$TMVRB39B$PUaDAsZctLWtj0kteqvBe1
The salt is the same, and the password is encrypted into the part that follows it.
4. …