3 - 1
Information Assurance Foundations - SANS
©2001
1
Password Assessment and
Management
Security Essentials
The SANS Institute
This module will address password security. Although user names and passwords are a familiar
technology, most people are not aware of the inherent weaknesses in many of the different password-
based authentication schemes in use today. These weaknesses are important to understand since many
networks would be compromised if passwords on just a few key machines (such as firewalls, DNS
servers, or Windows domain controllers) were known to an attacker.
Many of us remember how, in the movie Wargames, a teenager breaks into the government's super-
secret WOPR computer by guessing the username and password of the scientist who created WOPR's
software. The teen researched information publicly available about the scientist, and guessed that the
man's password was the name of his young son -- Joshua. That familiar example illustrates exactly why
it is important not to use words or names that might be associated with a person as passwords. These
values can be guessed by an attacker.
Further, most of us are aware that we shouldn't use passwords that are too short (because all character
combinations can be easily tried) or write passwords on a sticky note and put the note under the
keyboard. But beyond this basic understanding, can we quantify what makes a password difficult to
guess when a computer is used as the guessing engine? It turns out that the (sometimes non-intuitive)
answer depends on the particular method used to protect the sensitive information.
In this module we will explore how and why we strive to protect passwords on the following two levels:
• The password files should be protected from reading or theft.
• It should be computationally infeasible (ideally) for an attacker to guess the password values even
given the password files. If an attacker does manage to obtain a copy of a password file, we do not want
him to be able to use the information contained therein to recover the password values.
We will see that the methods used to achieve password protection differ between operating systems,
vary in effectiveness, and in some cases have undergone recent evolution. This module will explore

to meet the increased cracking challenges posed by recent upgrades to the Unix and Windows
password protection mechanisms.
3 - 3
Password Assessment and Management - SANS
©2001
3
Why Are Passwords So
Important?
• First line of defense
• Control access
• Get additional access
• Create back door for future access
Let's back up for a moment and think about why passwords are so important. Passwords are often the
first line of defense against interactive attacks on a system. Since it is fairly easy for someone to
figure out a user ID, the only thing protecting the system is a user’s password. If an attacker can
gather no helpful information to aid in the attack (such as password file contents or sniffed network
traffic) he must resort to either creative or "brute force" password guessing.
If an attacker can at least read the password file or obtain a copy, his chances of successfully
obtaining an actual password increase significantly. Even if the attacker only obtains a lowly user-
level password, it is fair to assume that he will log on to the target system as the user and then break
into "root" via an operating system hole.
Consider this brief example. Most companies have dial-up access for remote access to their network.
Unfortunately in most companies, the dial-up modems reside behind the firewall, which means once
you are authenticated by the remote access server, you have access to the network. In this case, if
someone has a weak password, an attacker can use a war dialer to find the remote access number,
dial-up the number, guess a weak password, and within a matter of minutes, an attacker has just
gained full access to the network.
3 - 4
Password Assessment and Management - SANS
©2001

plaintext into ciphertext.
• The goal is to make the original text
unreadable.
• Three basic methods:
– symmetric - single key
– asymmetric - two keys (public and private)
– hash – one-way algorithm, no key
This section will cover a brief overview of encryption so that you can understand why and how
password cracking works. For additional details, there are two additional modules in this training
course that cover encryption in-depth.
In its most basic form, cryptography is the process of converting plaintext into ciphertext, with the
goal of making the original text unreadable. Basically, plaintext is the original, human-readable
message and ciphertext is the unreadable message in its encrypted form.
Therefore, since the goal of passwords is to make them unreadable, they are stored in encrypted form.
There are three basic types of encryption. Symmetric encryption uses a single key to encrypt and
decrypt the message. Symmetric encryption is also known as secret key encryption because a single,
secret key is used for encryption and decryption. If two people wanted to communicate, they would
both have to have the same key. One person would use the key to encrypt the message, and the other
person would use the same key to decrypt it. The security of the scheme relies on the fact that an
attacker does not know the secret key.
Asymmetric encryption uses two keys, a public and a private key. Asymmetric encryption is also
known as public key cryptography because it uses both a private key and a public key to encrypt and
decrypt information. The public key is given to everyone while the private key is only known by the
owner. These keys form an "encryption-decryption pair" -- anything encrypted with the public key can
be decrypted with the private key, and anything encrypted with the private key can be decrypted with
the public key.
Note that symmetric and asymmetric encryption mechanisms provide both for translating text into
ciphertext, and for recovering the original text from the ciphertext. Hash functions are a little bit
different. Hash algorithms are considered "one-way" functions because they perform a one-way
transformation of information that is irreversible. Basically, given an input string, the hash function

original passwords) on disk. When a user attempts to authenticate, the computer applies the hash
algorithm to the password the user has supplied for authentication. If the hash of the user-supplied
password matches the hash stored on disk, the user is successfully authenticated.
Password cracking is the process of trying to guess or determine someone’s plaintext password,
given only their encrypted password. The process does not actually "crack" the encryption, but rather
mimics the actions that would be taken if a user tried several passwords until they guessed the right
one. Each "guess" is hashed and compared to the stored value. When a match is found, the user is
authenticated. "Cracking" is the process of using a computer to generate many "guesses" and quickly
try them all against the hashed password value until a match is found. The cracking operation is
performed "offline", against a recovered password file.
The general method for cracking is the following:
•Find a valid user ID
•Find the encryption algorithm used
•Obtain the encrypted password
•Create a list of possible passwords
•Encrypt each password
•See if there is a match
One tip for speeding up the process is to pre-compute the encrypted versions of all possible clear-text
passwords. At that point the entire process reduces to comparing the encrypted password of interest
with all values on the pre-computed list. When a matching encrypted value is found, we extract the
clear-text password corresponding to the encrypted match to find the answer.
3 - 7
Password Assessment and Management - SANS
©2001
7
Methods of Password Cracking
• Dictionary attack
• Hybrid attack
• Brute force attack
There are three general methods for cracking passwords. The main difference between the

• Recovering a forgotten password
• Recovering an unknown password
• Migrating users
• Checks and balances
There are many reasons for computing users’ passwords. First and foremost is for a system administrator
to audit the strength of the passwords that their users are using. There are password filters for Unix, but
how do you know how well you have chosen a filter? Without testing the passwords generated by users
against a real-world password cracker, you are guessing at the time it will take an external attacker or
malicious insider to uncover the passwords. Other uses include recovering a forgotten password,
retrieving the password of a user in order to impersonate them, or migrating Windows NT users to another
platform such as Unix.
Migrating users from one platform to another is included for completeness, but is not recommend. In
every case where I saw companies attempt to do this, it never worked and always resulted in a security
violation. An example of this would be a company that currently has 2 NT domains and they want to
migrate to a single domain. Instead of moving half of the accounts to one domain, giving those users a
new temporary password that is the same for all users, and have all users logon and change their password,
a company might want to make this process transparent to them. One way to do this is to crack all of the
passwords on one domain and then manually enter the new account with the old password for each user on
the new system. This way when the users come in, they can logon with their old password and not even
know that their account has been migrated. The negative side is several users besides the end user now
know the user’s password. As you can imagine, this could lead to a lot of potential problems.
Some could also argue that cracking user’s passwords also results in a potential security violation, because
once the password is cracked others will know that user’s password. As we all know this is not an issue
because everyone trusts security. ☺ (Sorry, there I go with geek humor again.) Since this is a concern,
password cracking can be used for checks and balances, where strong passwords are never cracked. For
example, if the password policy for a particular company says all passwords must contain alpha
characters, numbers, and special characters, then a customized cracking scheme can be developed. We
can use our password cracker to crack passwords that only contain alpha characters, or numbers, or special
characters, or alpha characters and numbers, or alpha characters and special characters, or numbers and
special characters. In this case if the password adheres to the policy, which means it contains alpha

©2001
10
Crack
• Available from
/>•Features
– Configurable password cracking
– Modular approach with various scripts
– Combining and extracting password files
– Works with any crypt() implementation
Crack’s main function is to crack passwords on a Unix machine. There are some versions that have
been ported to other operating systems, but the original program works only on Unix. Crack also has
a modular approach where Crack is used only to crack user passwords. But what makes Crack so
useful is that it comes with various other scripts. For example, one script is used to view the results
of running Crack. Another script is used to combine password files. This is very useful because it
makes it very flexible and adaptable to be used in various environments.
One of the distinguishing strengths of Crack is the huge number of rules (over 2000) it uses to create
permutations of password guesses. Each time Crack is run it uses supplementary information from
the password file's comment fields to create a new wordlist (in addition to using the standard
dictionaries and permutations thereof). Often users will put information about themselves, such as
their full name, in the comment field and then use some permutation of this information as their
password. Crack takes advantage of the comment information to create a list of password guesses
specifically tailored for each user.
3 - 11
Password Assessment and Management - SANS
©2001
11
Crack Requirements
• Requirements
– Unix-like operating system
– C compiler

©2001
12
Configuring Crack
• Download Crack file
• Unzip the file using gzip
– gunzip -r crack5.0.tar.Z
• Untar the file
– tar -xvf crack5.0.tar
• Read manual.txt
• Edit the script file
• Compile program
– crack -makeonly
– crack -makedict
Once you download Crack, there are several steps that must be performed prior to running it. This is because you
do not download an executable like you do with Windows; you download the source files which need to be
compiled and configured in order to run the program.
After you successfully download Crack, unzip and untar the file crack5.0.tar.gz with the command tar -xzvf
crack5.0.tar.gz. A directory called c50a is generated with subdirectories holding configuration files,
documents, scripts, source codes, etc. Text files like Makefile, Reporter, and Crack are also generated. A
manual.txt file is there too (which is the same as the README file).
Next, READ the manual.txt file. This is just to give you an overview and more detailed information of how to use
the program. These slides will give you enough information to get Crack up and running on supported systems.
Then, edit the Crack script file and reconfigure the values of CRACK_PATH, C5FLAGS, CC, CFLAGS, and
LIBS to suit the operating system.
If you are running a supported operating system like Solaris, you do not need to make any changes to the script
files. You would only need to do that if you are running it on a version of Unix that has not been tested or are
using a different encryption algorithm. It is recommended that you look at these files, but you could also just try
compiling with the standard scripts to see what happens.
Finally, issue the commands Crack -makeonly and then Crack -makedict. After these two steps, a
binary executable Crack file is generated. You should view the output of these commands to make sure no errors

files it uses to crack passwords.
To check results of the Crack program, run the Reporter script. This script outputs the results of which passwords
were cracked. This can also be piped to a file. If you used an earlier version of Crack, it no longer generates
human-readable output directly; instead, to see the results of a Crack run, the user should do: ./Reporter [-
quiet] [-html]
Guesses are listed chronologically, so users who wish to see incremental changes in the output as Crack continues
to run over a course of days or weeks, are encouraged to wrap invocations of "Reporter" in a script with "diff".
The -quiet option suppresses the reporting of errors in the password file (corrupt entries, etc), while -html
produces output in a fairly basic HTML-readable format.
3 - 14
Password Assessment and Management - SANS
©2001
14
Crack Options
• -debug
• -recover
• -fgnd
• -fmt format
• -from
N
• -keep
• -mail
• -network
• -nice N
• -makeonly
• -makedict
• -kill
filename
• -remote
The following are the options available with Crack and a brief explanation of each. Crack automatically

• User Mary password #57adm7#
• User Sue password sue
• User Lucy password 12345
• User Pat no password
• User Tim password password
• User Cathy password 55555
• User Frank password abcde
• User Tom password mnopqr
• User Karen password bbbbbbbb
To show you how effective Crack is at cracking passwords, this is a sample password file that was
used and the corresponding passwords.
3 - 16
Password Assessment and Management - SANS
©2001
16
Results From Crack
Output From Reporter
• ---- passwords cracked as of Tue Aug 17 10:41:00 EDT 1999 ---
• 0:Guessed pat [<no-ciphertext>] [npasswd /bin/sh]
• 934899050:Guessed eric [eric] [npasswd /bin/sh]
• 934899050:Guessed lucy [12345] [npasswd /bin/sh]
• 934899050:Guessed sue [sue] [npasswd /bin/sh]
• 934899259:Guessed tim [password] [npasswd /bin/sh]
• 934899274:Guessed frank [abcde] [npasswd /bin/sh]
• 934899304:Guessed karen [bbbbbbbb] [npasswd /bin/sh]
• 934899342:Guessed cathy [55555] [npasswd /bin/sh]
• -----done--------
Basically by typing ./Reporter, the above results are displayed to the user to show you which
passwords were cracked.
3 - 17

Password Assessment and Management - SANS
©2001
18
How To Protect Against It
• Enforce a strong password policy
• Use shadow passwords
• Use one-time passwords
• Use passwd to enforce strong
passwords
There is no one set way to protect your site from someone guessing your passwords, but there are
steps you can take to minimize the chances.
A key to protecting passwords is a strong password. By having a strong password, you can make it
very difficult for someone to crack. Also, by using shadow password files you can restrict access to
the encrypted passwords. One-time passwords are also effective because they change each time the
user logs in. There is also a program for Unix called passwd which will perform basic checks when
a user changes their password to make sure it is not an easy-to-guess password.
3 - 19
Password Assessment and Management - SANS
©2001
19
Enforce a Strong Password Policy
• Mandatory for all accounts
– Passwords change every 60 days
– Accounts locked after 3 failed
attempts
– All passwords must contain one
alpha, one number, and one special
character
– Can’t re-use previous 5 passwords
A password policy is critical for a secure system. A few general guidelines are given in the slide

– example - When I stub my toe I say
!@#$% 5 times
– password - WIsmtIs!@#$%5t
Choose a hard to guess password (the "do's"):
Use a mixture of upper and lower case letters as well as digits or punctuation.
When choosing a new password, make sure that it is unrelated to any previous password.
Use long passwords (e.g. at least 8 characters long).
Examples: A word pair with punctuation inserted, a passphrase (an understandable sequence of
words), or the first letter of each word in a passphrase.
In order to prevent easily guessable passwords, a password should never contain birthdays, names,
sport teams, or special interests. Anything that can be viewed while sitting at your desk should also
never be used as a password. Attackers can easily target an individual. Anything that stands out as a
potential password, should never be used because it is to easy for someone to guess.
What I suggest is instead of picking words as passwords, users should be trained to pick a phrase. If
I told you that your new password was WIsmtIs!@#$%5t, you would probably think I was crazy.
Your response might be, “How in the world am I going to remember that password?” On the other
hand if I told you to remember the phrase, “When I stub my toe I say !@#$% 5 times,” you would
probably agree that it is fairly reasonable. The main emphasis of a password policy should not only
be to tell the user what is expected of them, but help them generate strong passwords that are fairly
easy to remember.
3 - 21
Password Assessment and Management - SANS
©2001
21
Use Shadow Passwords
• Older versions store all information in
/etc/passwd, which has read access.
– Everyone can see encrypted passwords
• With shadow password files, encrypted
passwords are stored in a separate file,

Using Crack with Shadow
Password Files
• Must have root access to read
/etc/shadow
• Crack cannot read shadow file
• Must merge shadow and passwd file
together
• Use following scripts:
• shadmrg.aix
• shadmrg.sv
Crack can still be run even if you are using shadow files, it just greatly restricts who can run it since
you need root access to read the file. Even if you can read the shadow file, Crack cannot read it
directly. Therefore you must run the shadmrg script to merge the /etc/passwd and the
/etc/shadow files together so Crack can read it correctly. Basically, the shadmrg script creates
the older version of the /etc/passwd file that contains both the user ID and encrypted password.
The shadmrg script takes no arguments and must be edited to point to the correct location of the
passwd and shadow files (it assumes /etc/passwd and /etc/shadow by default).
3 - 24
Password Assessment and Management - SANS
©2001
24
Use One-time Passwords
• Each time the user logs on they use a
different password
• Password is only good for one session
• Example
– smart cards
– challenge/response
–SKEY
• Biometrics

password
Passwd checks the user’s password whenever they change or select a new password. Passwd makes
several checks, including the following:
• user must enter password twice.
• verifies the password is a minimum length.
• verifies password must be a mixture of letters, numbers, and special characters.
• verifies password is not the user’s name.
• verifies new password differs from previous password.