Data Protection and Security

   

VII

Identification and Entity Authentication

   

VII.II

Passwords

   

   
 

Features of Unix Passwords

Despite its deficiencies, the Unix password scheme also has some nice features worth looking at. These are:

  • Rather than storing a plaintext user password in a (read- and write-protected) password file, the “encrypted” password is stored in a file that is only write-protected (or read- and write-protected; see the question below).
  • To make dictionary attacks less effective, each password, upon initial entry, is augmented with a 12-bit random string (salt) taken from the system clock.
  • It employs a salted modification of DES, which prevents adversaries from using off-the-shelf DES chips and so deters those with modest resources.
  • By iterating the DES function 25 times, it slows down attacks that involve testing a large number of trial passwords.

If the server verified passwords by simply storing them directly, the password list would have to be protected very carefully. Moreover, since most systems keep backups, and if the backup tapes are not protected as well as the system itself, an attacker can obtain the password list from a backup. This is why Unix does not store the actual password list. Rather than using DES for encryption, Unix runs it as a one-way function, taking the typed password as the input and checking whether the output is the same as the hash of the real password.

Unix uses the salting technique as follows. For each user who has a password, the system chooses a random number (the salt value) and stores it in plaintext in the password file. The hash stored in the system is the hash value of the combination of the password and the salt. For verification, the hash computed is likewise the hash of the typed password and the stored salt. This simple technique does not make guessing an individual password any harder, because the salt values are available in plaintext to an attacker who obtains the password file. However, since a different salt value is used for each password, it becomes impossible for the attacker to perform one hash operation and see whether the output is the same as one of the entries in the password file.
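The salting scheme described above, as an added example that is not part of the original course page. It assumes iterated SHA-256 as a stand-in for the salted DES function, and the function names and the sample password file are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SALT_BITS = 12   # salt size given on the page
ROUNDS = 25      # iteration count given on the page

def one_way(password, salt):
    """Stand-in for the salted, iterated DES function (assumption: SHA-256)."""
    state = salt.to_bytes(2, "big") + password.encode()
    for _ in range(ROUNDS):
        state = hashlib.sha256(state).digest()
    return state.hex()

def enroll(password, salt=None):
    """Return the (salt, hash) pair that is written to the password file."""
    if salt is None:
        salt = secrets.randbelow(1 << SALT_BITS)
    return salt, one_way(password, salt)

def verify(typed, entry):
    """Recompute the hash with the stored plaintext salt and compare."""
    salt, stored = entry
    return hmac.compare_digest(one_way(typed, salt), stored)

def evaluations_to_test(entries, wordlist_size, salted=True):
    """One-way evaluations needed to test a word list against every entry."""
    distinct = len({salt for salt, _ in entries}) if salted else 1
    return distinct * wordlist_size

# Constructed password file: alice and bob chose the same password.
PASSWORD_FILE = {
    "alice": enroll("correct horse", salt=0x0A1),
    "bob": enroll("correct horse", salt=0x7F3),
    "carol": enroll("tr0ub4dor", salt=0x2C4),
}

if __name__ == "__main__":
    for user, (salt, digest) in PASSWORD_FILE.items():
        print(f"{user}:{salt:03x}:{digest[:16]}...")
    # Without salts one evaluation per word covers the whole file;
    # with salts the work is repeated for every distinct salt.
    print(evaluations_to_test(PASSWORD_FILE.values(), 1000, salted=False))
    print(evaluations_to_test(PASSWORD_FILE.values(), 1000))
```

The identical passwords of alice and bob produce different file entries, and the cost of testing a word list grows with the number of distinct salts in the file rather than staying constant.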

 

   

VII.II.III Q


Originally, standard Unix systems made the password file publicly available, since it stores the one-way hash of each password instead of the plaintext password, and the hash cannot be used as the password itself. Many systems have now been modified so that the password file is also read-protected. What is the reason for this change (hint: remember offline dictionary attacks)?

   

VII.II.IV Q


Suppose a new version of Unix uses a one-way hash algorithm (e.g. SHA-1) instead of the DES algorithm. Can you modify Figure 1 to reflect the change from DES to SHA-1?

   

   
       
 