Attacks on Passwords
How secure are passwords
themselves? Passwords are somewhat limited as protection devices because of the
relatively small number of bits of information they contain.
Here are some ways you might
be able to determine a user's password, in decreasing order of difficulty.
·
Try all possible passwords.
·
Try frequently used passwords.
·
Try passwords likely for the user.
·
Search for the system list of passwords.
·
Ask the user.
Loose-Lipped Systems
So far the process seems
secure, but in fact it has some vulnerabilities. To see why, consider the
actions of a would-be intruder. Authentication is based on knowing the
<name, password> pair A complete outsider is presumed to know nothing of
the system. Suppose the intruder attempts to access a system in the following
manner. (In the following examples, the system messages are in uppercase, and
the user's responses are in lowercase.)
WELCOME TO THE XYZ COMPUTING SYSTEMS
ENTER USER NAME: adams
INVALID USER NAMEUNKNOWN USER
ENTER USER NAME:
We assumed that the intruder
knew nothing of the system, but without having to do much, the intruder found
out that adams is not the name of an authorized user. The intruder could try
other common names, first names, and likely generic names such as system or
operator to build a list of authorized users.
An alternative arrangement of
the login sequence is shown below.
WELCOME TO THE XYZ COMPUTING SYSTEMS
ENTER USER NAME: adams
ENTER PASSWORD: john
INVALID ACCESS
ENTER USER NAME:
This system notifies a user
of a failure only after accepting both the user name and the password. The
failure message should not indicate whether it is the user name or password
that is unacceptable. In this way, the intruder does not know which failed.
These examples also gave a
clue as to which computing system is being accessed. The true outsider has no
right to know that, and legitimate insiders already know what system they have
accessed. In the example below, the user is given no information until the
system is assured of the identity of the user.
ENTER USER NAME: adams
ENTER PASSWORD: john
INVALID ACCESS
ENTER USER NAME: adams
ENTER PASSWORD: johnq
WELCOME TO THE XYZ COMPUTING SYSTEMS
Exhaustive Attack
But the break-in time can be
made more tractable in a number of ways. Searching for a single particular
password does not necessarily require all passwords to be tried; an intruder
needs to try only until the correct password is identified. If the set of all
possible passwords were evenly distributed, an intruder would likely need to
try only half of the password space: the expected number of searches to find
any particular password. However, an intruder can also use to advantage the
fact that passwords are not evenly distributed. Because a password has to be
remembered, people tend to pick simple passwords. This feature reduces the size
of the password space.
Probable Passwords
Think of a word.
Is the word you thought of
long? Is it uncommon? Is it hard to spell or to pronounce? The answer to all three of these questions is
probably no.
Penetrators searching for passwords realize
these very human characteristics and use them to their advantage. Therefore,
penetrators try techniques that are likely to lead to rapid success. If people
prefer short passwords to long ones, the penetrator will plan to try all
passwords
but to try them in order by length. There are
only 261 + 262 + 26 3=18,278 passwords of
length 3 or less. At the assumed rate of one password per millisecond, all of
these passwords can be checked in 18.278 seconds, hardly a challenge with a
computer. Even expanding the tries to 4 or 5 characters raises the count only
to 475 seconds (about 8 minutes) or 12,356 seconds (about 3.5 hours), respectively.
This analysis assumes that people choose
passwords such as vxlag and msms as often as they pick enter and beer. However,
people tend to choose names or words they can remember. Many computing systems
have spelling checkers that can be used to check for spelling errors and
typographic mistakes in documents. These spelling checkers sometimes carry
online dictionaries of the most common English words. One contains a dictionary
of 80,000 words. Trying all of these words as passwords takes only 80 seconds.
Passwords Likely for a User
If Sandy is selecting a
password, she is probably not choosing a word completely at random. Most likely
Sandy's password is something meaningful to her. People typically choose
personal passwords, such as the name of a spouse, a child, a brother or sister,
a pet, a street name, or something memorable or familiar. If we restrict our
password attempts to just names of people (first names), streets, projects, and
so forth, we generate a list of only a few hundred possibilities at most.
Trying this number of passwords takes under a second! Even a person working by
hand could try ten likely candidates in a minute or two.
Thus, what seemed formidable in theory is in
fact quite vulnerable in practice, and the likelihood of successful penetration
is frightening. Morris and Thompson [MOR79]
confirmed our fears in their report on the results of having gathered passwords
from many users, shown in Table 4-2. Figure 4-15 (based on data from that study) shows the characteristics
of the 3,289 passwords gathered. The results from that study are distressing, and
the situation today is likely to be the same. Of those passwords, 86 percent
could be uncovered in about one week's worth of 24-hour-a-day testing, using
the very generous estimate of 1 millisecond per password check.
Lest you dismiss these
results as dated (they were reported in 1979), Klein repeated the experiment in
1990 [KLE90] and Spafford in 1992 [SPA92]. Each collected
approximately 15,000 passwords. Klein reported that 2.7 percent of the
passwords were guessed in only 15 minutes of machine time and 21 percent were guessed within
a week! Spafford found the average password length was 6.8 characters, and 28.9
percent consisted of only lowercase alphabetic characters. Notice that both
these studies were done after the Internet worm (described in Chapter 3) succeeded,
in part by breaking weak passwords.
Even in 2002, the British online bank Egg found
users still choosing weak passwords [BUX02].
A full 50 percent of passwords for their online banking service were family
members' names: 23 percent children's names, 19 percent a spouse or partner,
and 9 percent their own. Alas, pets came in at only 8 percent, while
celebrities and football (soccer) stars tied at 9 percent each. And in 1998,
Knight and Hartley [KNI98] reported that
approximately 35 percent of passwords are deduced from syllables and initials
of the account owner's name.
Two friends we know have told
us their passwords as we helped them administer their systems, and their
passwords would both have been among the first we would have guessed. But, you
say, these are amateurs unaware of the security risk of a weak password. At a
recent meeting, a security expert related this experience: He thought he had
chosen a solid password, so he invited a class of students to ask him a few
questions and offer some guesses as to his password. He was amazed that they
asked only a few questions before they had deduced the password. And this was a
security expert.
Several news articles have
claimed that the four most common passwords are "God,"
"sex," "love,"and "money" (the order among those
is unspecified). The perhaps apocryphal list of common passwords at geodsoft.com/howto/password/common.htm appears at
several other places on the Internet. Or see the default password list at www.phenoelit.de/dpl/dpl.html. Whether these are
really passwords we do not know. Still, it warrants a look because similar
lists are bound to be built into some hackers' tools.
Several network sites post
dictionaries of phrases, science fiction characters, places, mythological
names, Chinese words, Yiddish words, and other specialized lists. All these
lists are posted to help site administrators identify users who have chosen weak
passwords, but the same dictionaries can also be used by attackers of sites
that do not have such attentive administrators. The COPS [FAR90], Crack [MUF92], and SATAN [FAR95] utilities allow an administrator to scan a system for weak
passwords. But these same utilities, or other homemade ones, allow attackers to do the same. Now Internet
sites offer so-called password recovery software as freeware or shareware for
under $20. (These are password-cracking programs.)
People think they can be
clever by picking a simple password and replacing certain characters, such as 0
(zero) for letter O, 1 (one) for letter I or L, 3 (three) for letter E or @
(at) for letter A. But users aren't the only people who could think up these
substitutions. Knight and Hartley [KNI98]
list, in order, 12 steps an attacker might try in order to determine a
password. These steps are in increasing degree of difficulty (number of
guesses), so they indicate the amount of work to which the attacker must go to
derive a password. Here are their password guessing steps:
·
no password
·
the same as the user ID
·
is, or is derived from, the user's name
·
common word list (for example, "password,"
"secret," "private") plus common names and patterns (for
example, "asdfg," "aaaaaa")
·
short college dictionary
·
complete English word list
·
common non-English language dictionaries
·
short college dictionary with capitalizations (PaSsWorD) and
substitutions (0 for O, and so forth)
·
complete English with capitalizations and substitutions
·
common non-English dictionaries with capitalization and
substitutions
·
brute force, lowercase alphabetic characters
·
brute force, full character set
Although the last step will
always succeed, the steps immediately preceding it are so time consuming that
they will deter all but the dedicated attacker for whom time is not a limiting
factor.
Plaintext System Password List
To validate passwords, the
system must have a way of comparing entries with actual passwords. Rather than
trying to guess a user's password, an attacker may instead target the system
password file. Why guess when with one table you can determine all passwords
with total accuracy?
On some systems, the password
list is a file, organized essentially as a two-column table of user IDs and
corresponding passwords. This information is certainly too obvious to leave out
in the open. Various security approaches are used to conceal this table from
those who should not see it.
You might protect the table
with strong access controls, limiting access to the operating system. But even
this tightening of control is looser than it should be, because not every
operating system module needs or deserves access to this table. For example,
the operating system scheduler, accounting routines, or storage manager have no
need to know the table's contents. Unfortunately, in some systems, there are
n+1 known users: n regular users and the operating system. The operating system
is not partitioned, so all its modules have access to all privileged
information. This monolithic view of the operating system implies that a user
who exploits a flaw in one section of the operating system has access to all
the system's deepest secrets. A better approach is to limit table access to the
modules that need access: the user authentication module and the parts
associated with installing new users, for example.
If the table is stored in
plain sight, an intruder can simply dump memory at a convenient time to access
it. Careful timing may enable a user to dump the contents of all of memory and,
by exhaustive search, find values that look like the password table.
System backups can also be
used to obtain the password table. To be able to recover from system errors,
system administrators periodically back up the file space onto some auxiliary
medium for safe storage. In the unlikely event of a problem, the file system
can be reloaded from a backup, with a loss only of changes made since the last
backup. Backups often contain only file contents, with no protection mechanism
to control file access. (Physical security and access controls to the backups
themselves are depended on to provide security for the contents of backup
media.) If a regular user can access the backups, even ones from several weeks,
months, or years ago, the password tables stored in them may contain entries
that are still valid.
Finally, the password file is
a copy of a file stored on disk. Anyone with access to the disk or anyone who
can overcome file access restrictions can obtain the password file.
Encrypted Password File
There is an easy way to foil
an intruder seeking passwords in plain sight: encrypt them. Frequently, the
password list is hidden from view with conventional encryption or one-way
ciphers.
With conventional encryption,
either the entire password table is encrypted or just the password column. When
a user's password is received, the stored password is decrypted, and the two
are compared.
Even with encryption, there
is still a slight exposure because for an instant the user's password is
available in plaintext in main memory. That is, the password is available to
anyone who could obtain access to all of memory.
A safer approach uses one-way
encryption, defined in Chapter 2. The
password table's entries are encrypted by a one-way encryption and then stored.
When the user enters a password, it is also encrypted and then compared with
the table. If the two values are equal, the authentication succeeds. Of course,
the encryption has to be such that it is unlikely that two passwords would
encrypt to the same ciphertext, but this characteristic is true for most secure
encryption algorithms.
With one-way encryption, the
password file can be stored in plain view. For example, the password table for
the Unix operating system can be read by any user unless special access
controls have been installed. Because the contents are encrypted, backup copies
of the password table are no longer a problem.
There is always the
possibility that two people might choose the same password, thus creating two
identical entries in the password file. Even
though the entries are encrypted, each user will know the plaintext equivalent.
For instance, if Bill and Kathy both choose their passwords on April 1, they
might choose APRILFOOL as a password. Bill might read the password file and
notice that the encrypted version of his password is the same as Kathy's.
Unix+ circumvents this vulnerability by using a
password extension, called the salt. The salt is a 12-bit number formed from
the system time and the process identifier. Thus, the salt is likely to be
unique for each user, and it can be stored in plaintext in the password file.
The salt is concatenated to Bill's password (pw) when he chooses it; E(pw+saltB)
is stored for Bill, and his salt value is also stored. When Kathy
chooses her password, the salt is different
because the time or the process number is different. Call this new one saltK.
For her, E (pw+saltK) and saltK are stored. When either
person tries to log in, the system fetches the appropriate salt from the
password table and
combines that with the password before
performing the encryption. The encrypted versions of (pw+salt) are very
different for these two users. When Bill looks down the password list, the
encrypted version of his password will not look at all like Kathy's.
Storing the password file in a disguised form
relieves much of the pressure to secure it. Better still is to limit access to
processes that legitimately need access. In this way, the password file is
protected to a level commensurate with the protection provided by the password
itself. Someone who has broken the controls of the file system has access to
data, not just passwords, and that is a serious threat. But if an attacker
successfully penetrates the outer security layer, the attacker still must get
past the encryption of the password file to access the useful information in
it.
Indiscreet Users
Guessing passwords and
breaking encryption can be tedious or daunting. But there is a simple way to
obtain a password: Get it directly from the user! People often tape a password
to the side of a terminal or write it on a card just inside the top desk
drawer. Users are afraid they will forget their passwords, or they cannot be
bothered trying to remember them. It is particularly tempting to write the
passwords down when users have several accounts.
Users sharing work or data
may also be tempted to share passwords. If someone needs a file, it is easier
to say "my password is x; get the file yourself" than to arrange to
share the file. This situation is a result of user laziness, but it may be
brought about or exacerbated by a system that makes sharing inconvenient.
In an admittedly unscientific
poll done by Verisign [TEC05],
two-thirds of people approached on the street volunteered to disclose their
password for a coupon good for a cup of coffee, and 79 percent admitted they
used the same password for more than one system or web site.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.