Passwords
A password is typically not stored in clear text. Instead the system stores
the output of a one-way function applied to it, sometimes in combination with
other data such as a per-user salt, and verifies a login attempt by
recomputing that output and comparing it with the stored value. When the
one-way function does not incorporate a secret key (unlike a keyed scheme
such as Kerberos, which turns the password into an encryption key), the
stored value is referred to as a "hash." This is the case of the legacy
/etc/passwd file.
Possession of a password hash greatly facilitates "cracking" it, since the
cracking program can work on it off-line and thereby evade whatever controls
the system applies to on-line attempts (e.g. a limit on the number of login
attempts) to prevent unauthorized access.
Obtaining passwords
The ways of obtaining passwords illicitly include:
- social engineering (tricking someone into revealing a password, including
calling a help desk under an assumed identity to have the password
reset)
- wiretapping (sniffing a clear-text or hashed password off the network)
- keystroke logging (causing a computer to run a program that records
keystrokes and then makes them available to the attacker)
- login spoofing (using a program that induces a user to think he or she
is logging in when in fact the password typed is harvested by the
attacker)
- dumpster diving (looking for passwords noted on scraps of paper)
- phishing (similar to spoofing, but over the Internet via e-mail and/or
browser)
- shoulder surfing (looking over the shoulder of a person while he or she
types a password)
- timing attack (measuring how long the system takes to reject a candidate
password and inferring the correct password from the differences, one
character at a time, over successive attempts)
- acoustic cryptanalysis (listening to the clatter of keys or the tones of a
touch pad to ascertain the password)
- identity management attacks (abusing password reset, account recovery or
provisioning processes)
- compromise of host security (breaking into the computer and stealing
passwords or hashes from known locations)
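The timing attack in the list above is easiest to understand with a worked example. The following is an added illustration, not code from the original page: a leaky, early-exit password comparison beside a constant-time one, and an attacker loop that recovers the secret one byte at a time. Instead of measuring wall-clock time (which is noisy and would need many averaged samples in practice), each comparison reports how many bytes it examined; that count is the stand-in for elapsed time. The secret, alphabet and the assumption that the attacker already knows the password length are constructed for the demo.

```python
# Added example, not code from the original page: how a timing attack on a
# password check works. Instead of measuring real elapsed time (which is
# noisy), the comparison functions below report how many bytes they examined;
# that count is the stand-in for time, since an early-exit comparison stops
# at the first mismatch.
import hmac
from typing import Callable, Tuple

Oracle = Callable[[bytes], Tuple[bool, int]]


def naive_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Leaky check: returns early on the first mismatching byte.
    Returns (match, bytes examined). The length check alone also leaks the
    secret's length; the recovery below assumes the length is already known."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Fixed-cost check: hmac.compare_digest examines every byte regardless of
    where the first mismatch is, so the count carries no information."""
    return hmac.compare_digest(secret, guess), len(secret)


# Constructed candidate alphabet for the demo.
ALPHABET = b"abcdefghijklmnopqrstuvwxyz0123456789"


def recover_by_timing(oracle: Oracle, length: int) -> bytes:
    """Rebuild the secret one byte at a time. For each position, the candidate
    whose check examines the most bytes has extended the correct prefix, since
    the comparison then fails one byte further in. The final byte is confirmed
    by the match result itself, because at that point every candidate is
    compared in full and the counts no longer differ."""
    known = b""
    for pos in range(length):
        best_char, best_count = ALPHABET[0], -1
        for c in ALPHABET:
            # candidate: known prefix, one guessed byte, NUL padding to length
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            match, examined = oracle(guess)
            if match:
                return guess
            if examined > best_count:
                best_char, best_count = c, examined
        known += bytes([best_char])
    return known  # against a constant-time oracle this is just a wrong guess


def demo(secret: bytes = b"hunter2") -> Tuple[bool, bool]:
    """Returns (recovered against naive check, recovered against constant-time check)."""
    leaky = recover_by_timing(lambda g: naive_compare(secret, g), len(secret))
    safe = recover_by_timing(lambda g: constant_time_compare(secret, g), len(secret))
    return leaky == secret, safe == secret


if __name__ == "__main__":
    print(demo())
```

Against the early-exit check the loop recovers the whole secret with at most len(ALPHABET) guesses per position instead of len(ALPHABET) ** length; against hmac.compare_digest every guess "costs" the same and the loop learns nothing. The same principle is why password verifiers and MAC checks should always use a constant-time comparison.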
Attack methods
Methods of attack include:
- weak encryption (reversing a weak or reversible hashing or cryptographic
function)
- guessing (trying words related to what is known about the user: family
names, birthdates, alma mater, etc.)
- dictionary attack (exploiting the tendency of people to choose weak
passwords, including common words, popular fantasy character names, etc.)
- brute-force attack (trying every possible combination of characters)
- precomputation (hashing dictionary words ahead of time, e.g. into a rainbow
table, so that each captured hash costs only a lookup; a per-user salt
defeats this, since every guess must then be re-hashed for each salt)
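To make the difference between dictionary attack, precomputation and salting concrete, here is an added example that is not code from the original page. It builds a precomputed lookup table for unsalted hashes, cracks a captured hash with a single lookup, and then shows that the same table is useless against a salted hash, where every candidate has to be re-hashed with the victim's salt. The wordlist, salts and hashes are constructed for the demo; SHA-256 is used only because it is in the standard library, and a real password store would use a deliberately slow, salted construction (bcrypt, scrypt, Argon2, sha512-crypt) to make every guess far more expensive.

```python
# Added example, not code from the original page: an offline dictionary attack
# with precomputation against unsalted hashes, and the effect of a per-user
# salt. The wordlist, salts and hashes are constructed for the demo. SHA-256
# stands in for a real password hash only because it is in the standard
# library; real storage uses a slow, salted KDF (bcrypt, scrypt, Argon2,
# sha512-crypt).
import hashlib
from typing import Dict, Iterable, Optional, Tuple

# Constructed wordlist standing in for a real dictionary such as rockyou.txt.
WORDLIST = ["password", "letmein", "dragon", "qwerty", "hunter2", "gandalf"]


def unsalted_hash(password: str) -> str:
    """Legacy style: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(salt: bytes, password: str) -> str:
    """The salt is stored next to the hash in clear; it need not be secret,
    only unique per user, so that equal passwords hash differently."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def precompute_table(words: Iterable[str]) -> Dict[str, str]:
    """Hash every candidate once, ahead of time. The table can be reused
    against any number of unsalted hashes from any system."""
    return {unsalted_hash(w): w for w in words}


def crack_unsalted(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """After precomputation, each captured hash costs one dictionary lookup."""
    return table.get(stored_hash)


def crack_salted(salt: bytes, stored_hash: str,
                 words: Iterable[str]) -> Tuple[Optional[str], int]:
    """With a salt the table is useless: every candidate must be re-hashed
    with this particular user's salt. Returns (word or None, hashes computed)."""
    computed = 0
    for w in words:
        computed += 1
        if salted_hash(salt, w) == stored_hash:
            return w, computed
    return None, computed


def salts_separate_users(password: str) -> bool:
    """Two users with the same password get different salted hashes, so
    cracking one does not reveal the other (constructed salts)."""
    a = salted_hash(bytes.fromhex("0011223344556677"), password)
    b = salted_hash(bytes.fromhex("8899aabbccddeeff"), password)
    return a != b


if __name__ == "__main__":
    table = precompute_table(WORDLIST)
    print(crack_unsalted(unsalted_hash("dragon"), table))
    salt = bytes.fromhex("0123456789abcdef")
    print(crack_salted(salt, salted_hash(salt, "hunter2"), WORDLIST))
```

The cost asymmetry is the whole point: the unsalted table is built once and amortised over every hash ever captured, while the salted attack pays the full hashing cost per user, per guess. A slow KDF multiplies that per-guess cost by a large, tunable factor.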
Shadow passwords
Shadowing passwords increases security by hiding even the hashed form from
ordinary users. The classic example is the fix for /etc/passwd, which is
readable by all users and in its original form contained every user's
password hash; knowledge of a hash greatly reduces the time it takes to
mount a successful attack.
On Linux systems, /etc/shadow stores the real hash for each user and is
not readable by ordinary users. The password field in /etc/passwd is then
filled with an x. Root access (or, on some distributions, membership in the
shadow group) is required to read these hashes.
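A practitioner checking that shadowing is actually in effect wants to confirm that no hash is left in the world-readable /etc/passwd, that every x entry has a matching shadow record, that no account has an empty password field, and that /etc/shadow is not readable by others. The following is an added example, not code from the original page, that performs those checks over constructed file contents. The file excerpts are made up for the demo and the "$6$saltsalt$HASHPLACEHOLDER" string is a placeholder in sha512-crypt format, not a real hash; the rule "x means consult /etc/shadow, anything else is used directly" is a simplification of how the login stack resolves the field.

```python
# Added example, not code from the original page: audit constructed
# /etc/passwd and /etc/shadow contents for hashes that leaked into the
# world-readable file, entries with no shadow record, empty password fields
# and locked accounts, plus a permission check on /etc/shadow.
import stat
from typing import Dict, List

# Constructed /etc/passwd excerpt. "$6$saltsalt$HASHPLACEHOLDER" is a
# placeholder in sha512-crypt format, not a real hash.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:999:999:Service:/nonexistent:/usr/sbin/nologin
legacy:$6$saltsalt$HASHPLACEHOLDER:1001:1001:Old account:/home/legacy:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
orphan:x:1003:1003:No shadow entry:/home/orphan:/bin/sh
"""

# Constructed /etc/shadow excerpt (user:hash:lastchg:min:max:warn:inact:expire:).
SHADOW = """\
root:!:19000:0:99999:7:::
alice:$6$saltsalt$HASHPLACEHOLDER:19000:0:99999:7:::
svc:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""


def parse_colon_file(text: str) -> Dict[str, List[str]]:
    """Map the first field (user name) to the full list of fields."""
    entries: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        entries[fields[0]] = fields
    return entries


def audit(passwd_text: str, shadow_text: str) -> Dict[str, List[str]]:
    """Simplified rule: an 'x' password field means the real hash lives in
    /etc/shadow; any other value is used as-is from the world-readable file."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings: Dict[str, List[str]] = {
        "hash_in_passwd": [],   # hash exposed to every local user
        "missing_shadow": [],   # 'x' in passwd but no shadow record
        "empty_password": [],   # login without any password
        "locked": [],           # field starts with '!' or '*'
    }
    for user, fields in passwd.items():
        pw_field = fields[1]
        if pw_field == "x":
            if user not in shadow:
                findings["missing_shadow"].append(user)
                continue
            effective = shadow[user][1]
        else:
            effective = pw_field
            if effective and effective[0] not in "!*":
                findings["hash_in_passwd"].append(user)
        if effective == "":
            findings["empty_password"].append(user)
        elif effective[0] in "!*":
            findings["locked"].append(user)
    return findings


def shadow_mode_ok(mode: int) -> bool:
    """/etc/shadow must carry no permission bits for 'other'; typical modes
    are 0600 root:root or 0640 root:shadow. Pass os.stat(path).st_mode."""
    return (mode & stat.S_IRWXO) == 0


if __name__ == "__main__":
    for name, users in audit(PASSWD, SHADOW).items():
        print(f"{name}: {users}")
    print("shadow mode 0640 ok:", shadow_mode_ok(0o640))
```

On a live system the same functions can be fed the real files (open("/etc/passwd").read(), and /etc/shadow when running as root) and os.stat("/etc/shadow").st_mode; the "legacy" and "guest" findings are exactly the conditions shadowing is meant to eliminate.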
Links
Much of the contents of this document were plagiarized from
http://www.en.wikipedia.org/wiki/Password_cracking.