Brief Summary of Standard
Password Hashes on Unix and
Linux Systems 2014
RHEL and CentOS 6.5, OpenSUSE 13.1, Ubuntu 14.04,...
Standard Password Hashes Unix and
Linux Systems – May 2014
The following information is based on current versions of
opera...
Standard Password Hash Example
Contrary to popular belief, the account password entries in /etc/shadow can have
more than ...
Inside Hashed Password String
What is inside the password string $5$Salt$Hash from the previous slide:
$5 SHA-256 hashing
...
Rounds in Password Hashes
The security of existing hashing algorithms like MD5 can be increased.
It is done through proces...
Examples of Valid Password Hashes on
Linux Systems*
SHA-256 hashing:
$5$Y4HhzEPz$mXSHm95E/4MQPp.3X4Km5R/ysct0WT45FzdX2mPko...
Example of Password Hashes in Perl *
my %PWHASHARR = ( "1", "hashing-algorithm=MD5",
"2a", "hashing-algorithm=Blowfish",
"...
Linux Standard Hashes
In current Linux distributions, the following prefixes for hashes are standard:
"1" hashing-algorith...
FreeBSD Standard Hashes
In current FreeBSD 10 distributions, the following prefixes for
hashes are standard:
"1" hashing-a...
Solaris 11 Standard Hashes
In current Solaris distributions, the following prefixes for
hashes are standard:
"1" hashing-a...
AIX 7 Standard Hashes
In current AIX distributions, the following prefixes for hashes are
standard:
File /etc/security/log...
HP-UX 11i v3 Standard Hashes
Default prefix for hash is:
"__unix__" hashing-algorithm=DES
HP-UX 11i v1 (11.11) and 11i v2 ...
HP-UX 11i v3 SHA-512 Restrictions
• HP-UX PHI11i3 can be installed only on systems with passwords
stored in the /etc/shado...
Recommendations forUnix
Minimum recommended password hashing should be SHA-512 if
supported by operating system.
To change...
Recommendations forLinux
Minimum recommended password hashing should be SHA-512 if
supported by operating system.
For diff...
How to Change Numberof Rounds on
RHEL, Debian, Ubuntu Distributions
Edit /etc/pam.d/passwd (like wrapped around for readab...
How to Change Numberof Rounds on
SUSE Distributions
Edit /etc/default/passwd
CRYPT=SHA512
SHA512_CRYPT_FILES=85000
How to Change Numberof Rounds on
Solaris
Edit /etc/security/crypt.conf
md5 crypt_sunmd5.so.1 rounds=85000
6 crypt_sha512.s...
How to Change Numberof Rounds on AIX
Edit /etc/security/pwdalg.cfg
sblowfish:
lpa_module = /usr/lib/security/sblowfish
lpa...
How to Change Numberof Rounds on
FreeBSD
Currently supported through a patch. Not yet part of
mainstream release.
It adds ...
How to Change Numberof Rounds on HP-
UX
Not supported!
Interesting Problemto ThinkAbout –
Part 1
To test security in its basic form, I modified the password hash by one characte...
Interesting Problemto ThinkAbout –
Part 2
Here is an extract from results of the Perl script that runs various checks on
L...
Future?
Many interesting projects are underway to improve security.
One of them is an open competition for password hashin...
Thank You!
For other interesting summaries you are welcome to check
Slideshare, or my own website:
http://www.circlingcycl...
Upcoming SlideShare
Loading in …5
×

Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-2014-by-Dusan-Baljevic

2,188 views

Published on

Brief summary of standard password hashes on AIX FreeBSD Linux Solaris HP-UX May 2014 by Dusan-Baljevic

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,188
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • * Lines wrapped for readability
  • * Taken from Linux systems, string lengths apply to other operating systems too
  • * Lines wrapped for readability
  • * Lines wrapped for readability
  • * Lines wrapped for readability
  • * Lines wrapped for readability
  • * Lines wrapped for readability
  • Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-2014-by-Dusan-Baljevic

    1. 1. Brief Summary of Standard Password Hashes on Unix and Linux Systems 2014 RHEL and CentOS 6.5, OpenSUSE 13.1, Ubuntu 14.04, Oracle Linux 6.5, FreeBSD10, HP-UX11i v3, Solaris 11 Dusan Baljevic Sydney, Australia
    2. 2. Standard Password Hashes Unix and Linux Systems – May 2014 The following information is based on current versions of operating systems: RHEL and CentOS 6.5 OpenSUSE 13.1 Ubuntu 14.04 Oracle Linux 6.5 FreeBSD 10 HP-UX 11i v3 Solaris 11
    3. 3. Standard Password Hash Example Contrary to popular belief, the account password entries in /etc/shadow can have more than three "$"-separators (hint: when one, for example, uses SHA-256 or SHA- 512 hashing and non-default number of rounds). On standard servers, three "$"-separated values in the second “:”-separated field are part of the user entry in /etc/shadow (line wrapped-around for readability): someusr:$5$Y4HhzEPz$mXSHm95E/4MQPp.3X4Km5R/ysct0WT45FzdX2mPkon.: 0:99999:7:::on.: The string of interest for further discussion: $5$Y4HhzEPz$mXSHm95E/4MQPp.3X4Km5R/ysct0WT45FzdX2mPkon.
    4. 4. Inside Hashed Password String What is inside the password string $5$Salt$Hash from the previous slide: $5 SHA-256 hashing Salt "Y4HhzEPz" Hash "mXSHm95E/4MQPp.3X4Km5R/ysct0WT45FzdX2mPkon." The extra "$"-separated field can exist when non-default number of rounds (see next slide) is implemented. Then we have, for example, $6$Rounds$Salt$Hash: $6$rounds=85000 $pA/kjrZS$wo0980kwEuE28ER6moiaHzuDqO/VZMoxfvbXK1i/cW2BdJjI8xH/ 1WgD7RH7UaxM1SDLYsPtPgiMF9orb1Iwi. $6 SHA-512 hashing Rounds 85000 times Salt "pA/kjrZS" Hash "wo0980kwEuE28ER6moiaHzuDqO/VZMoxfvbXK1i/cW2BdJjI8xH/ 1WgD7RH7UaxM1SDLYsPtPgiMF9orb1Iwi."
    5. 5. Rounds in Password Hashes The security of existing hashing algorithms like MD5 can be increased. It is done through process known as "rounds" - a parameter associated with almost every password hashing algorithm. The process of increasing rounds is known as "Key Stretching“, by making a weak password more secure to brute-force attacks, through increasing the time needed to test each key. For example, rounds=85000 means the system must compute 85000 hashes every time a user logs in. This imposes a restriction that an attacker has to compute 85000 hashes for each password they are trying to compromise against the hash in /etc/shadow. Therefore the attacker will be delayed by a factor of 85000. Most modern computers will take less that 1 second to compute 85000 hashes. If there is no specification for the rounds option, the system will use the default value for the given algorithm.
    6. 6. Examples of Valid Password Hashes on Linux Systems* SHA-256 hashing: $5$Y4HhzEPz$mXSHm95E/4MQPp.3X4Km5R/ysct0WT45FzdX2mPkon. SHA-512 hashing account with non-default rounds: $6$rounds=85000$pA/kjrZS $wo0980kwEuE28ER6moiaHzuDqO/VZMoxfvbXK1i/cW2BdJjI8xH/ 1WgD7RH7UaxM1SDLYsPtPgiMF9orb1Iwi. SHA-512 hashing account: $6$zgpfWfGc $ACfCZLTLeJzLhiC1gyO0Bj5JlD337zAW.L25FpYz07QalwRQJYAJ 8AIFL69PxK2XwoDehTLzPT64AsrMUsL1o0 MD5 hashing account: $1$6tAaCsfx$E2amS8ko4ks1lxz7izSL// Blowfish hashing account: $2y$05$Z4taSkam70Vc9mMqtrAby25ixpstvJUf49gqzPtjhkscGgu4Zvd6c
    7. 7. Example of Password Hashes in Perl * my %PWHASHARR = ( "1", "hashing-algorithm=MD5", "2a", "hashing-algorithm=Blowfish", "5", "hashing-algorithm=SHA-256", "6", "hashing-algorithm=SHA-512", ); Default string length (in characters) for encrypted part of the password string (third or fourth “$”-separated field in password hash in /etc/shadow): my %PWLEN = ( "1", "22", "2a", "53", "5", "43", "6", "86", ); If DES is used (strongly discouraged!) the length is 13 characters. If, for example SHA-512 is used, the encrypted part of password is, by default, 86 characters long in /etc/shadow
    8. 8. Linux Standard Hashes In current Linux distributions, the following prefixes for hashes are standard: "1" hashing-algorithm=BSD-MD5 "2a" hashing-algorithm=BSD-Blowfish "2y" hashing-algorithm=BSD-Blowfish (SUSE) "5" hashing-algorithm=SHA-256 "6" hashing-algorithm=SHA-512 "" hashing-algorithm=DES "_" hashing-algorithm=Extended-BSDI-DES (SUSE)
    9. 9. FreeBSD Standard Hashes In current FreeBSD 10 distributions, the following prefixes for hashes are standard: "1" hashing-algorithm=MD5 "2" hashing-algorithm=Blowfish "3" hashing-algorithm=NT-Hash "4" (unused) "5" hashing-algorithm=SHA-256 "6" hashing-algorithm=SHA-512 The NT-hash scheme does not use a salt, and is easy to exploit.
    10. 10. Solaris 11 Standard Hashes In current Solaris distributions, the following prefixes for hashes are standard: "1" hashing-algorithm=BSD-MD5 "2a" hashing-algorithm=Blowfish “MD5" hashing-algorithm=SUN-MD5 "5" hashing-algorithm=SHA-256 "6" hashing-algorithm=SHA-512 "__unix__" hashing-algorithm=DES (deprecated)
    11. 11. AIX 7 Standard Hashes In current AIX distributions, the following prefixes for hashes are standard: File /etc/security/login.cfg, attribute pwd_algorithm defines default hash on AIX systems: crypt, which is the legacy crypt algorithm. "crypt" hashing-algorithm=DES It can be changed to an algorithm listed in /etc/security/pwdalg.cfg file. File /etc/security/pwdalg.cfg lists additional supported encryption algorithms. For AIX 7 the additional supported algorithms are: "smd5" hashing-algorithm=MD5 "ssha256" hashing-algorithm=SHA-256
    12. 12. HP-UX 11i v3 Standard Hashes Default prefix for hash is: "__unix__" hashing-algorithm=DES HP-UX 11i v1 (11.11) and 11i v2 (11.23) do not support changing the encryption algorithm. To support changing the encryption algorithm on 11i v3 (11.31) systems, the Password Hash Infrastructure for HP- UX 11i v3 (PHI11i3) package must be installed (/etc/default/security, entry CRYPT_DEFAULT - default value is "__unix__“ the legacy encryption algorithm). The only other supported prefix is “6”, which implements an algorithm based on SHA-512: "6" hashing-algorithm=SHA-512
    13. 13. HP-UX 11i v3 SHA-512 Restrictions • HP-UX PHI11i3 can be installed only on systems with passwords stored in the /etc/shadow file. • Supported with files, but not supported with other nameserver switch backends, such as NIS. To configure system to use only files, ensure that the passwd: line in /etc/nsswitch.conf contains only files. • To use HP-UX PHI11i3 with SSH, must install HP-UX Secure Shell A.05.00.26 or later. Also, must set "UsePAM yes" in /etc/opt/ssh/sshd_config. • To use the pcnfsd commands with HP-UX PHI11i3, must install ONCplus B.11.31.02 or later. • Some third party applications may assume that password hashes are DES-based only. These applications would not function correctly with HP-UX PHI11i3.
    14. 14. Recommendations forUnix Minimum recommended password hashing should be SHA-512 if supported by operating system. To change the password hashing type, follow the examples below: On FreeBSD edit /etc/login.conf On AIX edit /etc/security/login.cfg On Solaris edit /etc/security/policy.conf On HP-UX 11i v3 (11.31) with Password Hash Infrastructure edit /etc/default/security
    15. 15. Recommendations forLinux Minimum recommended password hashing should be SHA-512 if supported by operating system. For different Linux systems, one of following methods is used (check the manuals for your distribution): Run "authconfig --passalgo=sha512 --update“ Set "CRYPT=SHA512" in /etc/default/passwd Modify "password" line in /etc/pam.d/common-password Set "ENCRYPT_METHOD SHA512" in /etc/login.defs
    16. 16. How to Change Numberof Rounds on RHEL, Debian, Ubuntu Distributions Edit /etc/pam.d/passwd (like wrapped around for readability): password required pam_unix.so sha512 shadow nullok rounds=85000
    17. 17. How to Change Numberof Rounds on SUSE Distributions Edit /etc/default/passwd CRYPT=SHA512 SHA512_CRYPT_FILES=85000
    18. 18. How to Change Numberof Rounds on Solaris Edit /etc/security/crypt.conf md5 crypt_sunmd5.so.1 rounds=85000 6 crypt_sha512.so.1 rounds=23000
    19. 19. How to Change Numberof Rounds on AIX Edit /etc/security/pwdalg.cfg sblowfish: lpa_module = /usr/lib/security/sblowfish lpa_options = cost_num=16 ssha256: lpa_module = /usr/lib/security/ssha lpa_options = algorithm=sha256,cost_num=9,salt_len=24 In above case, when Blowfish algorithm used, number of rounds is entered as 2 ^ cost_num. For 65536 (2^16) rounds, specify the setting as 16. The valid value of cost_num is an integer between 4 and 31, inclusive.
    20. 20. How to Change Numberof Rounds on FreeBSD Currently supported through a patch. Not yet part of mainstream release. It adds a string to /etc/login.conf that is the first part of the crypt to use which will provide the number of rounds as well.
    21. 21. How to Change Numberof Rounds on HP- UX Not supported!
    22. 22. Interesting Problemto ThinkAbout – Part 1 To test security in its basic form, I modified the password hash by one character for a user on Ubuntu system. That made any future login session for a user invalid. I then verified if the standard tools detect any anomaly of the hash - they did not: # passwd –Sa (or passwd –S username, depends on Linux distribution) # pwck –r # aureport (default Auditd configuration) Therefore, it is strongly recommended to use more comprehensive auditing and host intrusion detection methods to prevent password file corruption orexploits. For standard audits, the following link provides access to Perl script that runs various checks on Linux systems (similar can be used on other Unix-like O/S): http://www.circlingcycle.com.au/Unix-sources/Linux-audit-account-password- hashing.pl.txt
    23. 23. Interesting Problemto ThinkAbout – Part 2 Here is an extract from results of the Perl script that runs various checks on Linux systems. In this specific case, comparison between shadow file and its backup is executed: http://www.circlingcycle.com.au/Unix-sources/Linux-audit-account- password-hashing.pl.txt … INFO: /etc/shadow differs from backup file /etc/shadow- INFO: Offending entries in /etc/shadow root: $6$T7rwPnT7$3aEtdWD04XnIDuJ00jOF/ORzywzIuVMAP/.pJMzM/Ke0G9 9IvMZ/5zJ/kDL2wgzMWNPpeobQYG0Re5FBCoCTb.:16188:0:99999:7 …
    24. 24. Future? Many interesting projects are underway to improve security. One of them is an open competition for password hashing algorithms, using the successful model of the previous competitions like AES, eSTREAM and SHA-3: https://password-hashing.net/ Portfolio of "good algorithms" is to be obtained by mid-2015, according to the provisional timeline. The submissions must include the following desired functionality: Ability to transform an existing hash to a different cost setting without knowledge of the password
    25. 25. Thank You! For other interesting summaries you are welcome to check Slideshare, or my own website: http://www.circlingcycle.com.au/ http://www.circlingcycle.com.au/Unix-sources/ http://www.circlingcycle.com.au/Unix-and-Linux-presentations/ Dusan Baljevic, May 2014

    ×