TN108 - Password Management
108.1 Summary
108.2 Fundamentals of Good Password Management
108.3 Automated Password Generation
108.4 Preventing Weak Passwords
108.5 Password Crackers
108.6 Pseudo-Random Numbers in Password Generators
108.7 True Random Password Generator with Perl and /dev/random
108.8 Weak Random Password Generator using the Korn Shell
108.1 Summary
For system administrators, password generation and management is an
important element in maintaining a secure environment. The system
administrator must ensure that every account has a password that is
known only to the user, is not easily guessed by other users, and does
not readily fall to brute force attacks.
108.2 Fundamentals of Good Password Management
There are a few key elements to a good password management system.
a. Passwords must not be too short, too simple,
information obviously related to the user such as
the user's name or account name, or permutations
of related information or prior passwords.
b. Passwords assigned by the system administrator should be
easily remembered, stored, and entered into computer
systems, yet not readily susceptible to automated
brute force attacks.
c. No default passwords for new or reset accounts.
d. Users must change their passwords on a regular
basis.
108.3 Automated Password Generation
An automated password generator creates random passwords that are not
dictionary words and have no association with a particular user,
reducing the probability that the password could be guessed. Some
generators apply rules that make the generated password easier to
remember.
NIST has a standard for automated password generation, FIPS 181,
"Standard for Automated Password Generator." October 5, 1993. See:
http://www.itl.nist.gov/fipspubs/fip181.htm
http://csrc.nist.gov/publications/fips/fips181/fips181.txt
NIST based this standard on an algorithm proposed by Morrie Gasser in
"A Random Word Generator for Pronounceable Passwords" (National
Technical Information Service (NTIS) AD A 017676.) The NIST standard
also provides for a cryptographically secure random number source.
NIST's idea was that if the password was pronounceable it is easier to
remember and less likely to be written down by the end user in an
insecure location. FIPS 181 goes to great lengths to algorithmically
produce a random, yet pronounceable word. In my opinion, nearly as
usable results are obtained by simply alternating between consonants
and vowels. See TN108.7 and TN108.8 for reference implementations in
Perl and in Korn Shell, respectively.
In my opinion, the principal application for automated password
generation is for system administrators to set the initial password for
new and/or reset accounts. Without random password generation it is easy
for administrators to fall into a pattern of assigning weak passwords,
or worse yet, the same default password to new and reset accounts.
108.4 Preventing Weak Passwords
A common method of attack is to try to guess users' passwords on the
assumption that some users will choose a weak password. Unless measures
are in place to prevent weak passwords, this attack usually works on a
percentage of all user accounts.
Most systems have provisions to specify the minimum size of a password
and/or require that passwords contain certain classes of characters.
In the author's opinion, appropriate rules are:
a. 6 character minimum length
b. Must contain at least two alphabetic characters and at
least one other character that is punctuation or numeric.
c. Cannot contain permutations of user's name, account name
or last password. Permutations include reverse and circular
shifts or fragments having at least 4 characters in common.
Download a perl script implementing these rules and directly changing
/etc/shadow:
http://www.marchansen.com/bin/txt.cgi/tn108/chpasswd
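The three rules above as an added Python example; this is not the page's chpasswd script (which is Perl and edits /etc/shadow directly), it only evaluates a candidate and reports the violations found. It assumes the caller supplies the account name, the user's full name and the previous password in clear text, and it reads "permutation" as the page defines it: the word itself, its reverse, any circular shift, and any 4-character run shared with one of those forms (the whole form, for words shorter than 4 characters). Function names and the sample inputs are constructed.

```python
import string

MIN_LENGTH = 6   # rule a
FRAGMENT = 4     # rule c: a run of this many characters in common is too close


def variants(word):
    """The word, its reverse, and every circular shift of both, lower-cased,
    in a fixed order and without duplicates."""
    w = word.lower()
    forms = []
    for base in (w, w[::-1]):
        forms += [base[i:] + base[:i] for i in range(len(base))]
    return list(dict.fromkeys(forms))


def related_fragment(candidate, word):
    """Return the first FRAGMENT-character run (the whole form, for words
    shorter than FRAGMENT) that candidate shares with a variant of word,
    or None when there is no such run."""
    c = candidate.lower()
    n = min(FRAGMENT, len(word))
    for form in variants(word):
        for i in range(len(form) - n + 1):
            run = form[i:i + n]
            if run in c:
                return run
    return None


def check_password(candidate, account, full_name="", last_password=""):
    """Apply the page's three rules; return the violations ([] means accepted)."""
    problems = []
    # rule a: minimum length
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # rule b: at least two letters plus one digit or punctuation character
    letters = sum(ch.isalpha() for ch in candidate)
    others = sum(ch.isdigit() or ch in string.punctuation for ch in candidate)
    if letters < 2 or others < 1:
        problems.append("needs at least two letters and one digit or punctuation character")
    # rule c: no permutation of the account name, user's name or last password
    related = [("account name", account)]
    related += [("user's name", part) for part in full_name.split()]
    related.append(("last password", last_password))
    for label, word in related:
        if not word:
            continue
        run = related_fragment(candidate, word)
        if run is not None:
            problems.append(f"contains '{run}', derived from the {label}")
    return problems


if __name__ == "__main__":
    # constructed sample inputs: one acceptable candidate, then a reversed
    # account name, a circular shift of it, and a near-copy of the old password
    for candidate in ("qa7!vbt", "htimsj9", "smithj2", "Winter2004!"):
        print(candidate, check_password(candidate, "jsmith", "John Smith", "Winter2003") or "ok")
```

The fragment test is deliberately case-insensitive and runs over the reversed and shifted forms as well as the plain word, so "smithj2" and "htimsj9" are both rejected for the account "jsmith" even though neither contains it verbatim.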
There are programs with much more sophisticated rules and some even
offer to test proposed passwords against dictionaries and permutations
of dictionaries:
PAM, Pluggable Authentication Modules. Introduced by Sun, adopted by
others: http://java.sun.com/security/jaas/doc/pam.html
In particular note pam_cracklib.so, using Alec Muffett's CrackLib.
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html
http://wwws.sun.com/software/solaris/pam/
http://www.dementia.org/~shadow/pam.html
Npasswd, from Clyde Hoover at The University of Texas at Austin
http://www.utexas.edu/cc/unix/software/npasswd/
Epasswd, from Eric Allen Davis at NASA Ames Research Center
http://www.nas.nasa.gov/Groups/Security/epasswd/
In my opinion, there is a trade-off between requiring stronger passwords
and keeping the password change system practical to use on a large
scale. Disqualifying passwords because CrackLib can break them may
reject so many password change attempts that the users find the
system unreasonable to use.
108.5 Password Crackers
System administrators can audit systems for weak passwords with password
cracking tools. In my opinion this is most useful as a tool to
understand exposure. If weak passwords are in use, then the tools
for changing passwords should be changed to enforce correct policy.
For Microsoft Windows:
LC4 from @stake (Formerly L0phtcrack from L0pht Heavy Industries)
http://www.atstake.com/research/lc/index.html
Dump password hashes (even with SYSKEY) with pwdump2
http://razor.bindview.com/tools/desc/pwdump2_readme.html
For UNIX:
The de facto standard is Alec Muffett's Crack
http://www.users.dircon.co.uk/~crypto/download/c50-faq.html
ftp://ftp.cerias.purdue.edu/pub/tools/unix/pwdutils/crack
John the Ripper
http://www.openwall.com/john/
108.6 Pseudo-Random Numbers in Password Generators
As the name suggests, pseudo-random numbers are not truly random.
Rather, they are generated with a mathematical formula. Pseudo-random
numbers have the characteristic that they are completely predictable if
you know the seed that started the sequence and the algorithm. For the
purpose of generating passwords, predictability is not a desirable
feature. In addition, with weak pseudo-random generators it may not even
be necessary to know the seed. Just guessing the last few numbers
generated may be all that is needed to predict future numbers.
There are two potential solutions.
a. Use a good, cryptographically sound, pseudo-random number generator
and choose a good seed. The seed needs to be a truly random
number, chosen from a large enough space of possibilities that all
possible seeds could not be efficiently tried in a brute force
attack.
b. Use a genuine source of random data. Many UNIX systems provide a
kernel module, /dev/random, that uses system events (interrupts,
network traffic, etc.) as a source of entropy to produce real random
data. Some Intel chipsets include a true random number
generator.
108.7 True Random Password Generator with Perl and /dev/random
Generates alternating consonants and vowels with one randomly positioned
numeric character. All lower case, with no punctuation and no 0, 1, x, or q.
This implementation in perl uses /dev/urandom, a kernel module available
on most UNIX systems, as the source of random data. The /dev/urandom
driver gathers environmental noise from various non-deterministic
sources within the operating system environment.
/dev/urandom is like /dev/random but considerably faster. The
/dev/urandom driver does not wait for the entropy pool to recharge and
immediately returns as many bytes as requested. For password generation
this is deemed acceptable. Applications requiring a higher quality of
randomness should use /dev/random instead.
The built-in Perl rand() function is not used because it uses the
standard C library routine rand(3) to generate pseudo-random numbers.
Some implementations of the rand function return only 16-bit random
numbers and may have other algorithmic weaknesses. A further weakness is
the source of the seed for the generator. The default seed is based on
the time and process ID, not a particularly large range of possible
seeds.
Download the perl script from:
http://www.marchansen.com/bin/txt.cgi/tn108/pass_gen
A PHP version of the above contributed by Doug Warner:
http://www.marchansen.com/bin/txt.cgi/tn108/passwordgen.php
With the password length set to eight characters, alternating consonants
and vowels, all lower case, and one numeric character, no zeros or ones,
there are 1,044,568,000 possible passwords:
4 consonants, 19 possibilities (no x or q)
3 vowels, 5 possibilities
1 numeric, eight possibilities (no 0 or 1)
8 possible positions for the numeric
19^4 x 5^3 x 8^1 x 8 = 1,044,568,000
This presents a much larger space than a dictionary for a brute force
attack without making the password extremely difficult to remember by
using mixed case and punctuation.
108.8 Weak Random Password Generator using the Korn Shell
Generates alternating consonants and vowels with one randomly positioned
numeric character. All lower case, with no punctuation and no 0, 1, x, or q.
Although the output looks similar to the perl script in TN108.7, the
Korn shell's built-in pseudo-random number generator accepts only a
16-bit integer as the seed and therefore has only 32,768 possible seeds.
Because the generator sequence starts over with each password, there
cannot be any more possible passwords than there are possible seeds. This
script uses the default seed, the shell's PID.
Download the shell script from:
http://www.marchansen.com/bin/txt.cgi/tn108/shpass_gen
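One added Python example, not the page's Perl or Korn shell script, that puts TN108.6 through TN108.8 side by side. generate() builds the alternating consonant/vowel word with one digit; UrandomRng draws every choice from the kernel source (os.urandom, which reads /dev/urandom on UNIX) with rejection sampling so that no letter is favoured; keyspace() multiplies out the four factors listed in TN108.7 (19^4 x 5^3 x 8 x 8, which evaluates to 1,042,568,000; the total printed in TN108.7 differs by 2,000,000 and appears to be a transcription slip); and seeded_keyspace() shows the TN108.8 bound: when the seed is the only entropy, there can be no more distinct passwords than seeds. Python's random.Random stands in for the Korn shell generator in that simulation; the seed count of 32,768 is the page's figure. Class and function names are my own.

```python
import os
import random

CONSONANTS = "bcdfghjklmnprstvwyz"   # 19 consonants; x and q left out, as on the page
VOWELS = "aeiou"                     # 5 vowels
DIGITS = "23456789"                  # 8 digits; 0 and 1 left out


class UrandomRng:
    """Minimal generator that reads the kernel entropy source directly.

    os.urandom() reads /dev/urandom (or the equivalent syscall) on UNIX, the
    same source the page's Perl script uses.  Rejection sampling keeps each
    draw uniform: a plain ``byte % n`` would favour the smaller values
    whenever 256 is not a multiple of n.
    """

    def randrange(self, n):
        if not 0 < n <= 256:
            raise ValueError("this helper only draws values below 257")
        limit = 256 - (256 % n)          # largest multiple of n that fits in a byte
        while True:
            b = os.urandom(1)[0]
            if b < limit:
                return b % n

    def choice(self, seq):
        return seq[self.randrange(len(seq))]


def generate(rng, length=8):
    """Alternating consonant/vowel word (c v c v c v c for length 8) with one
    digit inserted at a random position.  rng needs choice() and randrange(),
    so both UrandomRng and random.Random fit."""
    letters = [rng.choice(CONSONANTS if i % 2 == 0 else VOWELS)
               for i in range(length - 1)]
    letters.insert(rng.randrange(length), rng.choice(DIGITS))
    return "".join(letters)


def keyspace(length=8):
    """Distinct passwords generate() can emit.  For length 8 that is
    19^4 consonants * 5^3 vowels * 8 digits * 8 digit positions."""
    consonants = length // 2          # even indices of the letter part
    vowels = (length - 1) // 2        # odd indices
    return (len(CONSONANTS) ** consonants * len(VOWELS) ** vowels
            * len(DIGITS) * length)


def seeded_password(seed):
    """Password from a generator whose only entropy is a small integer seed
    (random.Random stands in for the Korn shell's RANDOM here)."""
    return generate(random.Random(seed))


def seeded_keyspace(seed_count=32768):
    """How many distinct passwords the seeded generator can ever produce:
    never more than seed_count, whatever keyspace() says."""
    return len({seeded_password(seed) for seed in range(seed_count)})


if __name__ == "__main__":
    print(generate(UrandomRng()), "from the kernel entropy source")
    print(keyspace(), "possible passwords when every choice comes from the kernel")
    print(seeded_keyspace(), "distinct passwords when a 32,768-seed PRNG is the only source")
```

Running the script makes the two generators' difference concrete: the same word pattern gives about 10^9 possibilities when each choice is drawn from the kernel, but a seeded generator restarted per password can never exceed its seed count, and seeded_password(s) returns the same string every time for a given s, which is exactly the predictability TN108.6 warns about.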