Passwords
Table of Contents
Abstract: This chapter is about how computer systems authenticate users. We focus on the password system of Linux in detail and that of Windows briefly. Cryptography forms the backbone of any password system. We sketch the password cracking procedures and describe lab experiments that use well-known cracking tools.
1 Educational Objectives
Students should be able to
- Recognize the limitations of the typical password schemes
- Sketch the cracking algorithms, and use cracking tools
2 User Authentication Approaches
- Authentication of Users, Services, Servers, Documents, …
- User Authentication Approaches
- What You Know
- What You Have
- What You Are
- Password Verification Services
- One Time Password (OTP) Authentication
- Two-Factor Authentication
- Choosing good passwords; What are weak passwords?
3 Linux Passwords Overview
- Passwords, Hashing, Salting
- Cryptography, MD5, SHA1 Digests
- DES Encoding of Passwords
- The Linux Password Shadow System
- Pluggable Authentication Modules (PAM)
- ./Linux/passwords-linux.html All the above
3.1 Windows Passwords Overview
4 Password Storage
- Passwords are never stored as plain text. Only the results of crypto hashes (and some more mangling known as "salting") are stored.
- ./Linux/salted-hashes.html Intro to hash functions and salting.
- There are only two ways to determine the un-encoded password p given the hash r:
- Keep guessing a password p and computing chash(p) until the result equals r.
- Create a list of "all" passwords (column 1) and their hashed results (column 2). This is known as a "lookup table". Such a table will be huge (based on the "all" passwords in your collection), but is very simple to use and is fast. E.g., we can sort the lookup table based on column 2 and use binary search.
- Note that every password storage scheme depends on the chash() chosen; a lookup table is only valid for the chash() it was built with.
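The two approaches above, as an added example that is not part of the chapter's own material: a sorted lookup table searched on column 2 with binary search, beside the guess-and-compare loop, run against a small constructed wordlist. It also shows why a per-user salt (the "mangling" mentioned above) defeats a precomputed table while guessing with the known salt still works. SHA-256 and the four-byte salt value are assumptions for illustration.

```python
import hashlib
from bisect import bisect_left

# Constructed sample wordlist standing in for a list of "all" passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon", "hunter2"]

def chash(password: str, salt: bytes = b"") -> str:
    """The chash() of the text: hex SHA-256 of salt followed by the password."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_lookup_table(words):
    """Column 1 = password, column 2 = hash; sorted on column 2 for binary search."""
    return sorted((chash(w), w) for w in words)

def lookup(table, r):
    """Binary search on column 2; return the matching password or None."""
    i = bisect_left(table, (r, ""))   # "" sorts before any word, so i is the first entry with hash r
    if i < len(table) and table[i][0] == r:
        return table[i][1]
    return None

def guess(r, salt, words):
    """The other way: keep guessing p and computing chash(p, salt) until it equals r."""
    for w in words:
        if chash(w, salt) == r:
            return w
    return None

def demo():
    table = build_lookup_table(WORDLIST)
    # Unsalted storage: the precomputed table recovers the password at once.
    found_plain = lookup(table, chash("hunter2"))
    # Salted storage: same password, but the per-user salt means the table has no
    # entry for it, so every salted hash needs its own guessing run.
    salt = b"\x8f\x12\xa0\x55"   # constructed; a real system draws it from os.urandom
    r_salted = chash("hunter2", salt)
    found_salted = lookup(table, r_salted)
    found_guess = guess(r_salted, salt, WORDLIST)
    return found_plain, found_salted, found_guess

if __name__ == "__main__":
    print(demo())   # ('hunter2', None, 'hunter2')
```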
5 Password Cracking
- ./cracking.html All the below
5.1 Social Engineering
5.2 Causing a Password Reset
5.3 Fooling Fingerprints
5.4 Dictionary Attack
5.5 Rainbow Tables
5.6 Cracking Services
5.7 Storage of Past Broken Passwords
6 Password Labs
6.1 Some Well Known Cracking Tools
- John the Ripper
- hashcat
- RainbowCrack
- Hydra
- CrackStation
- Medusa
- L0phtCrack
- Cain and Abel
- Word lists and Password Hashes
- ./cracking.html All the above
6.2 Tasks for You To Do
- Lab #1: Password Cracking Locally
- Lab #2: Generating and Storing Rainbow Tables
- Lab #3: Password Cracking Using Cloud Services
- Crack #1: Three User Names and Passwords
- Crack #2: From a Real Linux Machine Setup
- Crack #3: SHA512 Password Hashes
- ./password-labs.html All the above
7 References
- https://haveibeenpwned.com/ Check if you have an account that has been compromised in a data breach. Recommended Visit.
- Lorrie Faith Cranor, What's wrong with your pa$$w0rd?, TEDxCMU, video 17:41, Mar 2014. Required Watch.
- Prabhaker Mateti, Cryptography, A lecture from Computer Security course. 2013. For 44xx: Required Reading. For 3900: Recommended Reading.
- http://www.piotrbania.com/all/kon-boot/ "Kon-boot is a chain loader that boots into Windows or Linux and sets up 'hooks' at the kernel level that bypass password checking." Recommended Visit.
- Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, and Frank Stajano, "The quest to replace passwords: a framework for comparative evaluation of Web authentication schemes", IEEE Security and Privacy Symposium, May 2012. Recommended Reading.
- Fred B. Schneider, "Something You Know, Have, or Are", http://www.cs.cornell.edu/courses/cs513/2005fa/nnlauthpeople.html, 2005. Recommended Reading.