I would have put this in Web/Security, but it really isn't incredibly important.
I was just beefing up the security on my box the past 2 days and a thought occurred to me. I read a guide telling how to encrypt your shadow file using the more powerful md5. Then I thought, "Wait a minute, nobody but root can read this file anyway. If somebody can read your shadow file, then it's already too late, they're already root!!! :eek: "
So, I guess my point is that encrypting the shadow file seems... well, redundant. :)
Thoughts?
mage492
08-19-2003, 05:50 PM
If someone uses a bootdisk, they would bypass the permissions problem (by mounting it manually and reading it). This means that, even if they do, they still can't read it.
It's really only an issue if you're trying to keep someone out who has direct, physical access to your box.
Sepero
08-19-2003, 06:20 PM
Actually I already thought of that too.
Again... they are already root. All they need is a rootkit and you are toasted. :)
Also on that note, if someone has direct physical access to your computer, then nothing can completely stop them from becoming root, whether you have encrypted passwords or not.
mage492
08-19-2003, 06:26 PM
True. You know, that IS a good question... Maybe it's to prevent problems with programs or daemons that run as root? That way, if it were opened/sent somewhere by a trojan, it still couldn't be read.
Just an idea I'm throwing out, here.
Sepero
08-19-2003, 06:51 PM
Interesting thought.
Any old-timers have thoughts on this? :)
md, mahdi, bwkaz?
C'mon bwkaz, you've always got something intelligent to say. :D
Strogian
08-19-2003, 07:45 PM
You don't really want admins to know users' passwords.
bwkaz
08-19-2003, 07:48 PM
When you say "how to encrypt your shadow file using the more powerful md5", what do you mean? Are you trying to encrypt the entire file? Because AFAIK, MD5 is only a hashing algorithm -- once you run data through MD5, you can't take the output and get the original back.
So if you run your entire /etc/shadow file through MD5, you can't get the contents back to validate passwords.
However, you might easily be talking about MD5-hashing the passwords themselves. If you are, then yes, there are great reasons to do that. Most of which revolve around the fact that even if you can read /etc/shadow, you still can't get passwords out of it.
The text stored in /etc/shadow is hashed. You can't get the original password back if you have the hash value (whether you're root or not).
The password comparisons are done by hashing the inputted password, and comparing the hashes. If they're the same, authentication succeeds.
The default algorithm for passwords is some variation on DES. Because of the algorithm, the limit on the key length is 8 characters (the password is used as a key for the hash), and the valid characters are also not great (you can't use, for example, ASCII values with the high bit set). The 8 7-bit characters are combined to form a 56-bit key. This is used as one input to a DES encryption scheme, where the stuff to be encrypted is the other input (it's fixed, usually at all zeros).
With MD5, the input key can be any length. And the characters used can be anything. So there are many, many, many more passwords possible.
In addition, because of advances in computing power, it is possible to brute-force attack DES in quite a short amount of time now. Which means that without shadowed passwords, you can brute-force to get the password "from" the hash.
Now, this isn't any help for cracking passwords if your passwords are shadowed, because nobody can read the /etc/shadow file.
However, inside /etc/shadow isn't the only place that passwords are stored. In memory, inside processes that have to check passwords, comes to mind. It is also possible to grab your hard drive and plug it into a system that the attacker does have root access to. The UID in the inode will still be 0, and the permissions will still be set rw-------, so root is the only one that will be able to read the file, but the attacker is root on that system.
So, you use /etc/shadow to help against people that have remote access through SSH or whatever, and you MD5 encrypt the passwords so that people that get at your hard drive or at the memory contents of processes validating passwords, can't brute-force the encryption hash.
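Added example, not part of bwkaz's post: a short Python audit that shows the 8-character, 7-bit key limit of traditional DES crypt described above and reports which scheme each account in a shadow file uses. It models only the key setup, not the full crypt(3) algorithm, recognises more scheme prefixes than the post covers, and every entry in the sample file is constructed (the hash strings are placeholders, not real hashes).

```python
import re

# Identifier prefixes of the "$id$salt$hash" password-field format.
SCHEMES = {
    "1": "MD5-crypt",
    "2a": "bcrypt (Blowfish)",
    "2b": "bcrypt (Blowfish)",
    "2y": "bcrypt (Blowfish)",
    "5": "SHA-256-crypt",
    "6": "SHA-512-crypt",
}
# Traditional DES crypt field: 2 salt characters followed by 11 hash characters.
DES_FIELD = re.compile(r"[./0-9A-Za-z]{13}")


def des_crypt_key(password):
    """Return the 56-bit key traditional DES crypt builds from a password.

    Only the first 8 bytes are used, and only the low 7 bits of each byte.
    """
    data = password.encode("utf-8")[:8].ljust(8, b"\0")
    key = 0
    for byte in data:
        key = (key << 7) | (byte & 0x7F)
    return key


def classify(field):
    """Name the hashing scheme of one shadow password field."""
    if field == "":
        return "empty (no password)"
    if field[0] in "!*":
        return "locked"
    if field.startswith("$"):
        parts = field.split("$")
        return SCHEMES.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    if DES_FIELD.fullmatch(field):
        return "DES crypt"
    return "unknown"


def audit(shadow_text):
    """Map each account name in shadow-format text to its scheme."""
    report = {}
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0]:
            report[fields[0]] = classify(fields[1])
    return report


def needs_migration(report):
    """Accounts still on DES crypt, where characters past the 8th are ignored."""
    return sorted(user for user, scheme in report.items() if scheme == "DES crypt")


# Constructed sample in /etc/shadow layout; hash strings are placeholders.
SAMPLE_SHADOW = """\
root:$1$constrct$CONSTRUCTEDnotARealHash00:12285:0:99999:7:::
alice:ab0Cd1Ef2Gh3I:12285:0:99999:7:::
bob:$2a$10$CONSTRUCTEDplaceholderNotARealBcryptHashValue00000000:12285:0:99999:7:::
daemon:*:12285:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW).items():
        print(f"{user:8} {scheme}")
    print("move off DES crypt:", needs_migration(audit(SAMPLE_SHADOW)))
```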
JThundley
08-20-2003, 12:15 AM
I bet it helps protect local security and stuff. If someone walks in your house and boots knoppix, they could copy the files onto a floppy. I really don't know.
Strogian
08-20-2003, 12:33 AM
Another thing is -- why not? I'm betting that encrypted passwd files came before shadowing, so you might as well keep encrypting them, even if it's possible to get away without it by using a restricted shadow file.
viperlin
08-20-2003, 01:38 AM
Originally posted by Sepero
Also on that note, if someone has direct physical access to your computer, then nothing can completely stop them from becoming root, whether you have encrypted passwords or not.
erm, not on my Laptop or Main PC :-D I have very good protection against that.
CMonster
08-20-2003, 04:17 AM
When thinking through any security issue, it's important to factor in large network environments too, where a password might get an attacker into a he11 of a lot more than just some dumb home user's PC.
Sepero
08-20-2003, 08:45 AM
When you say "how to encrypt your shadow file using the more powerful md5", what do you mean? Are you trying to encrypt the entire file?
:confused: no. AFAIK that isn't possible.
The text stored in /etc/shadow is hashed. You can't get the original password back if you have the hash value (whether you're root or not).
Only one flaw here that I see. It should say, "(whether you are root).". There is no, "or not". Unless some bumbling admin does a chown on the file... :D
The default algorithm for passwords is some variation on DES. Because of the algorithm...limit on the key length is 8...56-bit key...With MD5, the input key can be any length...many, many, many more passwords possible...because of advances...it is possible to brute-force attack DES in quite a short amount of time now. Which means that without shadowed passwords, you can brute-force to get the password "from" the hash.
Now, this isn't any help for cracking passwords if your passwords are shadowed, because nobody can read the /etc/shadow file.
Re-read that last paragraph... My point exactly. :)
However, inside /etc/shadow isn't the only place that passwords are stored. In memory, inside processes that have to check passwords, comes to mind.
I can honestly say that I don't know enough about memory to reply to this, but... user mem is restricted from writing on admin mem, correct? I would imagine that Linus is smart enough to use this same principle to keep users from reading portions of admin memory??
...possible to grab...hard drive and plug it into a system that the attacker does have root access to...
again... too late. here come the rootkits. :confused:
You don't really want admins to know users' passwords.
Excellent reason. I can probably understand with this one more than any other. But... If admins did know the passwords, then they would know which users had easy passwds to crack. "Hey, change your passwd, '1234' is too easy to crack"...
bwkaz
08-20-2003, 07:25 PM
Originally posted by Sepero
:confused: no. AFAIK that isn't possible.
No, I don't think it is either. That was why I was a bit confused. :)
Only one flaw here that I see. It should say, "(whether you are root).". There is no, "or not". Unless some bumbling admin does a chown on the file... :D
What I meant was more of an "even root can't decrypt it"-type thing. Even if users did somehow (no, I don't know how... bumbling admin, perhaps) get access to the file, they wouldn't be able to decrypt it either, but that wasn't what I was meaning to focus on.
Re-read that last paragraph... My point exactly. :)
Yeah, I know. ;)
I can honestly say that I don't know enough about memory to reply to this, but... user mem is restricted from writing on admin mem, correct? I would imagine that Linux is smart enough to use this same principle to keep users from reading portions of admin memory??
Ideally. Ideally, no process can read the memory of any other process. But, there's no guarantee (that I know of) that when memory gets reallocated, it also gets cleared. It is theoretically (yeah, I know...) possible, therefore, that a hashed password could get leaked to some userspace process.
Excellent reason. I can probably understand with this one more than any other. But... If admins did know the passwords, then they would know which users had easy passwds to crack. "Hey, change your passwd, '1234' is too easy to crack"...
This is one I wish I'd have thought of too, actually. Makes a lot more sense than anything I did say... :p
But the "weak password" argument isn't necessarily an argument for the admins knowing all the passwords, either. It's an argument for using ... whatever utility that is that checks passwords as a part of running passwd (wish I could remember the name...). So that users can set passwords to anything that this program thinks is valid (which would ideally rule out weak passwords), but the admins still won't know what any of them are.
Darkbolt
08-20-2003, 08:42 PM
What would it matter if root knew the password to other users' accounts or not? Can't root modify any of their files anyway?
JThundley
08-20-2003, 09:01 PM
If root was actually able to get plaintext passwords, it would be a bad thing of course. In my situation, I have a master password that is randomly generated and 11 characters long. I use it for everything. If a site says it has to be shorter, I truncate it. If root knew my password on his machine, he'd have access to my site and everything I have my hands into. By the way, I change this password every month. How bad of a security policy is this? Awww crap, now I've just gone off topic ;)
Sepero
08-20-2003, 09:17 PM
Originally posted by bwkaz
But the "weak password" argument isn't necessarily an argument for the admins knowing all the passwords, either. It's an argument for using ...
It's ok, I don't know what that program's name is either. ;)
On that issue though, do you trust a program to do a better job of finding weak passwords than you? I mean, sure it can do all kinds of dictionary matching and stuff, but what about trendy words, like "phat". Things like that may not be likely, but I think you know what I mean.
To JThunderly:
What makes you think that any site you use encrypts your password?! :p
P.S.
You're right too, Darkbolt.
JThundley
08-20-2003, 09:59 PM
Originally posted by Sepero
To JThunderly:
What makes you think that any site you use encrypts your password?! :p
They don't. :eek: For once in my life, I wish I would have stuck with security through obscurity and not told everyone that :(
LOL
bwkaz
08-20-2003, 10:03 PM
Originally posted by Sepero
...I mean, sure it can do all kinds of dictionary matching and stuff, but what about trendy words, like "phat". Things like that may not be likely, but I think you know what I mean.
Hmm, yeah, I do.
...
Ah hah! cracklib, that's what it's called! :p
Anyway...
I guess in the end, it all depends on what's in the current dictionary that attacker(s) is (are) using. If your cracklib dictionary matches up to that (or is a superset of it), then you're probably OK. Of course, you don't know what the current attacker dictionary is... hmm.
You can also reject anything listed in /usr/dict/words, I believe. So if you keep that up-to-date with some sort of English dictionary, you're probably not doing too poorly.
Modifications to cracklib aren't out of the question, either, though I would hope that it'd already look for the dumbest patterns (e.g. all numbers or all lowercase letters).
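Added example, not part of the thread and not cracklib's own algorithm: a Python sketch of checking a password when it is set, using the rules mentioned above (word list, all digits, all lowercase), and then storing only a salted hash so that later logins are verified by hashing and comparing. The word list is a constructed stand-in for /usr/dict/words, PBKDF2 stands in for the system's crypt scheme, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a word list such as /usr/dict/words.
WORDS = {"password", "dragon", "letmein", "phat", "linux"}
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("013457@$", "oleastas")
ITERATIONS = 100_000  # assumption for this example


def weaknesses(candidate, words=WORDS):
    """Return the reasons a candidate password should be rejected."""
    reasons = []
    if len(candidate) < 8:
        reasons.append("shorter than 8 characters")
    if candidate.isdigit():
        reasons.append("all digits")
    elif candidate.isalpha() and candidate.islower():
        reasons.append("all lowercase letters")
    # Strip leading/trailing digits, then map look-alike characters to letters.
    core = candidate.lower().strip("0123456789").translate(LEET)
    if core in words:
        reasons.append("based on a dictionary word")
    return reasons


def set_password(candidate):
    """Reject weak passwords; otherwise return the (salt, digest) to store."""
    reasons = weaknesses(candidate)
    if reasons:
        raise ValueError("rejected: " + ", ".join(reasons))
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return salt, digest


def verify(candidate, record):
    """Hash the entered password with the stored salt and compare digests."""
    salt, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)


if __name__ == "__main__":
    for pw in ("1234", "phat", "P4ssw0rd", "dragon99", "t7Vq#mR2xLw9"):
        print(f"{pw!r:16} {weaknesses(pw) or 'accepted'}")
    record = set_password("t7Vq#mR2xLw9")
    print("login ok:", verify("t7Vq#mR2xLw9", record))
```

The plaintext exists only inside `set_password` and `verify`; what is written to disk is the salt and digest.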
Ludootje
08-21-2003, 02:55 PM
Even 'trendy' words might be in cracking dictionaries. Some have only words like that. There are so many of those dictionaries that you shouldn't use an existing word, whether it's trendy or another language, it's just not a good idea.
Encrypting passwords adds security. Someone said a cracker could just install a rootkit, but those can be detected. If someone reads passwords of /etc/shadow, that'll be a lot harder to detect (assuming all traces are removed).
For the original poster: while MD5 is better than DES, blowfish is much, much better. You should use that one.
Ludootje
08-21-2003, 02:55 PM
Originally posted by Darkbolt
What would it matter if root knew the password to other users' accounts or not? Can't root modify any of their files anyway?
Yes, but a password is secret, some use the same pwd for mail as for a machine account. There's no reason to tell root your pass. Sure, root can decrypt - but that'd take time.
Sepero
08-21-2003, 07:37 PM
Even 'trendy' words might be in cracking dictionaries. Some have only words like that. There are so many of those dictionaries that you shouldn't use an existing word, whether it's trendy or another language, it's just not a good idea.
Good point. I'd say that this is one of the best reasons to have un-encrypted passwords. Normal users are... well... sometimes ignorant. Letting the administrator plainly see the passwords allows them to easily see if someone has a weak password or not. Then, they can be notified to convert to a stronger password.
Encrypting passwords adds security.
True... if they need to be passed in communicating publicly. I don't send my shadow file to other computers, do you?
Someone said a cracker could just install a rootkit, but those can be detected. If someone reads passwords of /etc/shadow, that'll be a lot harder to detect (assuming all traces are removed).
I said that hypothetically, because it is the easiest way to keep root status. If someone has gained root on your system, copying and cracking the shadow file would just take somewhat longer. Then, only constantly changing your password would save you from being cracked. (Most people that I know almost never change their passwords anyway). Unfortunately, this would only serve to keep you in the dark, because you would never know that someone cracked your system and you wouldn't even know to try and prevent future attempts.
For the original poster: while MD5 is better than DES, blowfish is much, much better. You should use that one.
Thanks for the info; I didn't know that. :)
Yes, but a password is secret, some use the same pwd for mail as for a machine account. There's no reason to tell root your pass. Sure, root can decrypt - but that'd take time.
:( Are you serious? You've got to be joking. Either that or you're confused. Once you put your information on somebody else's computer, you might as well consider it already cracked.
Strogian
08-21-2003, 11:56 PM
Are you serious? You've got to be joking. Either that or you're confused. Once you put your information on somebody else's computer, you might as well consider it already cracked.
Well then there's no reason for encryption at all, is there? :) (I'm not quite sure what you meant by that.. ;))
But about crackable passwords -- admins have the same tools (and dictionaries) available as the crackers have. So an automated tool should be very effective for weeding out weak passwords. Take a look at the cracklib dictionary and tell me that it's missing a word. :D
Sepero
09-04-2003, 07:01 PM
Well, after much thought, I've come to a conclusion. I feel that encrypted shadow passwords do more harm than good. Here's why:
Encrypting shadow passwords really prevents nobody but administrators from plainly reading them.
This leads to the question, 'But what if someone breaks into your system and reads your shadow file?'. Well, we have all seen this type of security before. It's called "security through obscurity":
password->encrypt=hard to crack because it's difficult to reverse
source code->compile=hard to crack because it's difficult to reverse
If you're using GNU/Linux, you probably already know that "security through obscurity" doesn't work very well.
So, my conclusion is that by allowing administrators to plainly view the system passwords, they can advise users to make their passwords stronger. In the end, I feel that this ultimately makes the system stronger.
Satanic Atheist
09-04-2003, 07:43 PM
Quick thought:
Isn't it documented in almost all security threads that if a user has physical access to your machine then they can pretty much do anything they want?
I'll admit I haven't read the entire thread, but generally if I had access to a machine that I wanted to crack, encrypting the shadow file is pointless because I'll have root access to the partition/drive and can do what I want anyway. Users' passwords are irrelevant.
James
Ludootje
09-05-2003, 05:18 PM
Originally posted by Satanic Atheist
Quick thought:
Isn't it documented in almost all security threads that if a user has physical access to your machine then they can pretty much do anything they want?
I'll admit I haven't read the entire thread, but generally if I had access to a machine that I wanted to crack, encrypting the shadow file is pointless because I'll have root access to the partition/drive and can do what I want anyway. Users' passwords are irrelevant.
James
IMHO that's sort of the same as saying "since I already have one vulnerability (i.e.: your computer is vulnerable to physical access), why even bother to protect my computer from other vulnerabilities"
You do realize that people don't *always* have physical access to your computer, and that there are other situations where your system gets cracked, and where encrypted passwords do help.
As for who said that thing about "security through obscurity": there already exist programs which will check if the password a user chooses is good (and if not - reject the pwd or simply notify the user of it, based on the way root configured it). so imho the reason you give (i.e. 'the admin can view if it's a good pwd') to give the admin access to your password is not a good one.
Satanic Atheist
09-05-2003, 05:32 PM
Ludootje - I agree with most of your post.
Security through obscurity is no protection at all. Rejecting ICMP pings (exclusively, for example) is nothing if you use a TCP port scanner.
Teaching users (and newbies) that security is No.1 priority is a great way of reducing malicious hackers and increasing Linux security.
I am responsible for more than myself in terms of security and that is my major priority. All the normal protections are in place (Firewall, restriction to local connections etc) and if I owned this Internet connection then I may damn well be obliged to open up more ports and allow less stringent access.
As it happens, I don't own the connection (although I do say what goes through it) and I have responsibilities to fulfil which I will not relinquish lightly.
As for physical security, well, all machines are protected behind locking doors and there is usually someone on site to ensure that unwarranted physical access is at a minimum. As a standard precaution, I lock my machine whilst I'm away from it.
This may well be an interesting security thread and it may warrant a new post under that forum. As long as people know that your machine is not secure "simply because it doesn't have a <INSERT MAJOR SERVICE> running on it" then we are doing them a favour.
James
X_console
09-05-2003, 05:33 PM
I didn't read through all the posts, but generally the reason for this is to further hinder the attacker. Anyone who has physical access to your system can grab your passwd/shadow files and run them through a cracking program. However since the passwords are created with a one way hashing algorithm, then most of the time a dictionary attack is required to actually crack them. A good alphanumeric password can take a very long time to crack. Therefore this gives you some time to change your password in the event that you figure out that your machine has been compromised. It's a whole lot better than having your password in the clear as soon as the shadow file is stolen.
Ludootje
09-06-2003, 09:17 AM
Originally posted by Sepero
Good point. I'd say that this is one of the best reasons to have un-encrypted passwords. Normal users are... well... sometimes ignorant. Letting the administrator plainly see the passwords allows them to easily see if someone has a weak password or not. Then, they can be notified to convert to a stronger password.
As I said in my previous post, the admin doesn't need to know the pwd to do that stuff.
True... if they need to be passed in communicating publicly. I don't send my shadow file to other computers, do you?
No, I don't. But I don't believe that it'll only add security when you communicate it publicly, either. A simple example: you run apache as root. You use phpnuke. The 348th vulnerability for phpnuke is discovered, and I use a zero-day exploit to view your /etc/shadow file. If your shadow file is NOT encrypted, you're ****ed. If it is encrypted, you're not ****ed at all if you have decent passwords.
I said that hypothetically, because it is the easiest way to keep root status. If someone has gained root on your system, copying and cracking the shadow file would just take somewhat longer.
That's not true. Gaining root can under some circumstances be extremely easy. If you use decent passwords, cracking the shadow file will take much, much longer.
:( Are you serious? You've got to be joking. Either that or you're confused. Once you put your information on somebody else's computer, you might as well consider it already cracked.
I don't get your point. Since root has access to your files anyway, you find giving root your pwd the most normal thing to do?
FYI, you can encrypt your information/files/etc., in which case you shouldn't "consider it already cracked"
justlinux.com