Although the source code to crypt is readily available, no technique has been discovered or publicized to translate the encrypted password back into the original password. Such reverse translation may not even be possible. As a result, the only known way to defeat Unix password security is via a brute-force attack see the next note , or by a dictionary attack.
This approach to breaking a cryptographic cipher is also called a key search or password cracking. It is made easier by the fact that DE uses only the first eight characters of the password as its key; dictionaries need only contain passwords of eight characters or fewer. Robert Morris and Ken Thompson designed crypt to make a key search computationally expensive. The idea was to make a dictionary attack take too long to be practical. At the time, software implementations of DES were quite slow; iterating the encryption process 25 times made the process of encrypting a single password 25 times slower still.
On the original PDP processors upon which Unix was designed, nearly a full second of computer time was required to encrypt a single password. To eliminate the possibility of using DES hardware encryption chips, which were a thousand times faster than software running on a PDP, Morris and Thompson modified the DES tables used by their software implementation, rendering the two incompatible. The same modification also served to prevent a bad guy from simply pre-encrypting an entire dictionary and storing it.
What was the modification? There is no published or known method to easily decrypt DES-encrypted text without knowing the key. To decrypt something encrypted with DES is computationally expensive; using the fastest current, general-purpose computers might take hundreds of years. However, computers have grown so much faster in the past 25 years that it is now possible to test millions of passwords in a relatively short amount of time.
As table salt adds zest to popcorn, the salt that Morris and Thompson sprinkled into the DES algorithm added a little more spice and variety. Each of the 4, different salts makes a password encrypt a different way. Unix stores the salt as the first two characters of the encrypted password. Table shows how a few different words encrypt with different salts. Notice that the last password, norahs , was encrypted two different ways with two different salts.
Alec Muffett, the author of the Crack program discussed in Table , related an entertaining story to us about the reuse of passwords in more than one place, which we paraphrase here.
The company was concerned about security, so all passwords were random strings of letters with no sensible pattern or order. One day, Alec fed the AberMUD passwords into his development version of the Crack program as a dictionary, because they were stored on his machine as plaintext. He then ran this file against his system user-password file, and found a few student account passwords.
He had the students change their passwords, and he then forgot about the matter. Some time later, Alec posted a revised version of the Crack program and associated files to the Usenet.
They ended up in one of the Usenet sources newsgroups and were distributed quite widely. The moral of the story is that you should teach your users never to use their account passwords for other purposes—such as games or web sites. They never know when those passwords might come back to haunt them!
For developers, the moral is that all programs—even games—should store passwords encrypted with one-way hash functions. In recent years the security provided by the salt has diminished significantly. Sankar Anbu. Sankar 1, 7 7 silver badges 15 15 bronze badges. Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog.
Podcast Making Agile work for data science. Stack Gives Back Featured on Meta. Previous Page. Next Page. Useful Video Courses. More Detail. Essentials of Unix Operating System 5 Lectures 4. Unix and Linux Training 6 Lectures 4 hours Uplatz. Previous Page Print Page. Save Close. Immediately expire an account's password.
This option is used to disable an account after the password has been expired for a number of days. Following the provided link I attempted to update my password to one of my own Shell Programming and Scripting.
Password hiding in UNIX. Now I need to write the password into another file pwd. Another thing is to when I echo the content of pwd.
Thanks guys. Help me out. Our customers open those files with Excel. A new requirement is that we password protect those CSV files. I thought to pack them with ZIP and assign a password to the archive. But Solaris 10 can't encrypt ZIP files. Password protection in unix. How to create a file in UNIX which is password protected?
Thanks and Regards, Neeraj 5 Replies. Logging in unix account taking password from a parameter file. Hi All, I am writing a script where it updates a file in an unix account.
To update that file i need to be logged in as that account user. What i want to do is, my script should read login id and password from a parameter file and Problem in converting password protected excel file to csv file in unix.
0コメント