Re: [cobalt-security] booting password crackers...

[jk@xxxxxxxxxxxx (Jens Kristian Søgaard)]

Mike Vanecek <nospam99@xxxxxxxxxxxx> writes:

> Why is it that when I use this url to generate passwords for userid root and
> password "hahaha really think weare sooo damn stupid" that I get different
> results each time?:

> root:upWhLNhcx8XnA
> root:fdEFJIU.vqXV6

> Obviously, the encryption algorithm has some randomness to it??

What you see is the effect of the so called "salt" that was introduced
to the Unix password protection scheme by Morris (you remember, his
son were the guy that broke the internet with the internet worm).

To take the first example you give:

        root:upWhLNhcx8XnA

Here

        root

is the username

        :

seperates parts in a passwd/shadow file

        up

is the salt

        WhLNhcx8XnA

is the encrypted password


When you make a new password, you take two random chars (called a
"salt"). These two chars are prepended to the password and encrypted
along with the rest. But the salt is also stored in _cleartext_ as the
two first bytes of the password field in passwd/shadow files.

This means that if you want to check a password, you first add the two
salt bytes, encrypt - and compare to what's stored in the password
file.

The advantage of the salt scheme is, that an attacker cannot create a
large "dictonary" or "database" of encrypted passwords. Like:

        secret = eI2Ls9
        two    = l8YeHs

Adding these two saltbytes adds a lot of new possibilities, which
means that he would have to store a dictonary like this:

        01secret = 01eI2Ls9
        02secret = 02aldAJs
        03secret = 03sdJKsd
        etc.

This makes it bad idea to try making a complete "reference" to
passwords, as the diskspace needed is enormous.


-- 
Jens Kristian Søgaard,
jk@xxxxxxxxxxxx -- http://www.jksoegaard.dk/
Søger du noget? -- http://www.google.com/
echo|perl -ple'$_+=4E-6*!int rand()**2+rand()**2while$i++-1E6'