Linux passwords are stored on the machine in encrypted form. Encryption involves con- verting a text string, based on a repeatable algorithm, into a form that is very different from the original string. The algorithm must be repeatable so that when you log in, Linux can take your password and reproduce the encrypted form that it stores.
For instance, if your password is HelloWorld
the value stored on the Linux machine might resemble aa0BUOE5ufwxk
“HelloWorld” is a very bad password! For information on what makes a password good or bad, see “Password Protection,” later in the chapter.
Linux uses a one-way encryption algorithm. You can encrypt a password, but you can- not generate a password from an encrypted value. You can only try to guess passwords based on a dictionary attack or a brute force attack, which we discuss later in the chapter.
/etc/passwd
Most early versions of Linux stored passwords in an encrypted form in the file/etc/
passwd. During the login process, a user is asked for a username and password. The oper- ating system takes the username and looks up that user’s record in/etc/passwdto obtain his encrypted password. Then, the username and password are passed into an encryption algorithm function named crypt() to produce the encrypted password. If the result matches the encrypted password stored in/etc/passwd, the user is allowed access.
Here is an example of/etc/passwd: [jdoe@machine1 jdoe]$ cat /etc/passwd root:a1eGVpwjgvHGg:0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync mail:*:8:12:mail:/var/spool/mail:
news:*:9:13:news:/var/spool/news:
uucp:*:10:14:uucp:/var/spool/uucp:
gopher:*:13:30:gopher:/usr/lib/gopher-data:
ftp:*:14:50:FTP User:/home/ftp:
nobody:*:99:99:Nobody:/:
xfs:*:100:101:X Font Server:/etc/X11/fs:/bin/false jdoe:2bTlcMw8zeSdw:500:500:John Doe:/home/jdoe:/bin/bash student:9d9WE322:501:100::/home/student:/bin/bash
Each line in/etc/passwdis a colon-separated record. The fields in/etc/passwd represent
▼ The username
■ The encrypted password
■ The user ID number
■ The group ID number
■ A comment about the user (often the user’s name)
■ The home directory
▲ The default shell
Notice that the encrypted password is in view in the second field in the record:
jdoe:2bTlcMw8zeSdw:500:500:John Doe:/home/jdoe:/bin/bash This file is readable by all users:
[jdoe@machine1 jdoe]$ ls -l /etc/passwd
-rw-r--r-- 1 root root 842 Sep 12 16:24 /etc/passwd The fact that the encrypted passwords are viewable by everyone leaves the system vulnerable to a password attack. The term password attack is a broad term, but it generally means any attempt to crack, decrypt, or delete passwords. A deleted password is one that is blank; this is as good as a decrypted password since the password is simply theENTER
key. Recall that Linux uses a one-way encryption algorithm: given an encrypted version of a password, the password cannot be derived. However, if someone has an encrypted version of a password, an attempt can be made to guess the password.
Linux Encryption Algorithms
An encryption algorithm is a repeatable formula to convert a string into a form that is unrecognizable and very different from the original. There exist many different en- cryption algorithms, from very simple and easy to decrypt to very complicated and virtually impossible to decrypt. As an example, let’s look at one of the simplest en- cryption algorithms—rot13.
Rot13, or rotate 13, is an algorithm that takes a string and rotates the uppercase and lowercase alphabetic characters 13 character positions:
aàn AàN
bào BàO
… …
màz MàZ
nàa NàA
oàb OàB
… …
zàm ZàM
Given the string Hello, world
the rot13 encrypted result is Uryyb, jbeyq
The rot13 algorithm satisfies the first requirement of an encryption algorithm: it is repeatable (“Hello, world” always encrypts to “Uryyb, jbeyq”). However, it is not an ef- fective algorithm because the encrypted form is too similar to the original form, and the original is easily generated given the encrypted form: simply rotate the encrypted form again, and the original is re-created. Therefore, rot13 is not a one-way encryption algo- rithm and is not appropriate for Linux password encryption.
There are two algorithms used in Linux to encrypt passwords: DES and MD5. They are effective encryption algorithms because they are repeatable and virtually impossible to crack in a reasonable amount of time (given a strong enough encryption key).
MD5 is technically a hash algorithm, not an encryption algorithm. However, like DES, it converts the password into a form that is not decryptable.
The DES Algorithm
The Data Encryption Standard (DES) is one algorithm used to encrypt Linux passwords.
DES was developed by the U.S. government and IBM. DES is implemented bycrypt(3) and is the UNIX standard.
Thecrypt(3)function takes two arguments: key and salt. The key is the user’s pass- word, and the salt is a two-character string chosen from the set [a-zA-Z0-9./]. The user’s key is limited to a length of eight characters, and the lowest 7 bits of each byte of the user’s key is used to create a 56-bit key. This 56-bit key is used to encrypt a constant string (usually a string consisting of all zeroes), generating a 13-character string that is returned bycrypt(3).
Since the user’s password is the key used in the encryption algorithm (the value is a string of zeroes), the key must be known to decrypt the result. Since the key is not known (it should not be known since it is a user’s Linux password), the result is un-decryptable by any known function. Hence,crypt(3) implements a one-way encryption algorithm.
The result of thecrypt(3)function is a string in which the first two characters are the salt itself. The result has the following format:
▼ It is 13 characters in length.
▲ The characters are either alpha, digit, underscore, period, or dash:
a-zA-Z0-9_.-
For example, if the salt is the string “A1” and the user’s password is “MyPass,” the crypt(3)function will return
A1qLr2pFD.Ddw
Notice that the first two characters of the string, “A1,” make up the salt used to generate the result.
If the improbable happens and two users have the same password, “MyPass,” the chance of them having the same salt is 1 in 4096; therefore, the result of thecrypt(3) function for these two users will probably be different. As an example, if another user has the same password, “MyPass,” and her salt is “A2,” the result ofcrypt(3)would be A2.I0Myq3Nf.U
Notice that this result of encrypting “MyPass” is quite different from the previous result using a different salt.
Here is a Perl script that asks the user for a salt and a password, and passes the two values into thecrypt(3)function to compute the encrypted value:
#!/usr/bin/perl
# crypt.pl use strict;
print 'Please enter your salt: ';
my $salt = <STDIN>;
chomp $salt;
print 'Please enter your password: ';
my $passwd = <STDIN>;
chomp $passwd;
print 'The result is: ', crypt($passwd, $salt), "\n";
Here is an example of executing this program:
[jdoe@machine1 perl]$ ./crypt.pl Please enter your salt: x7
Please enter your password: IAmGod The result is: x7Se2vAt4SqKQ
Since DES was developed in part by the U.S. government, it is not exportable outside the United States.
The MD5 Algorithm
MD5, a hash algorithm, improves upon the use of DES in many ways:
▼ Infinite length passwords They are not limited to eight characters.
■ Much larger keyspace Here is an example of the output of MD5:
$1$rVh4/3C/$.xtBPA85bzw/2qBTOYY/R.
It is much longer than 13 characters, and the legal characters include punctuation and other characters.
▲ Exportable It was not developed in part by the U.S. government, so it can be exported outside the United States.
The following Perl script illustrates an implementation of MD5:
#!/usr/bin/perl –w
# md5.pl
use strict;
use MD5;
print 'Please enter your password: ';
my $passwd = <STDIN>;
chomp $passwd;
my $md5 = new MD5;
$md5->add($passwd);
my $digest = $md5->digest();
print("Result is ", unpack("H*", $digest), "\n");
Here is an example of executing this program:
[jdoe@machine1 perl]$ ./md5.pl Please enter your password: IamGod
Result is d8c653b74da4841b95b17d38a68f20cb
It is extremely unlikely, but possible, for two different passwords to generate the same encrypted text for MD5.