Improving Authentication

Traditional Unix passwords are no more than eight characters long and are transmitted across the network as clear text. Additionally, these passwords are stored in the /etc/passwd file, which is world-readable. All of these things are security problems.

Limiting passwords to eight characters limits a user's choices, and reduces the difficulty of a brute-force decryption attack. MD5 passwords can be up to 256 characters long. On a Red Hat system, select MD5 Passwords during the installation, as described in Appendix A, "Basic Installation." Alternatively, you can run authconfig --enablemd5 after the system is running to enable the use of long passwords.

Regardless of how long a password is, the user can pick a bad one. A bad password is one that is easy to guess. See the following "Password Dos and Don'ts" sidebar for some advice you can give your users to help them pick good passwords.

Password Dos and Don'ts

• Do use a mixture of numbers, special characters, and mixed-case letters.

• Do use at least eight characters.

• Do use a seemingly random selection of letters and numbers that is easy to remember, such as the first letter of each word from a line in a book, song, or poem.

• Don't use any English or foreign language word or abbreviation.

• Don't use any information associated with the account, such as the login name, the user's initials, phone number, social security number, job title, or room number.

• Don't use keyboard sequences; for example, qwerty.

• Don't use any of the bad passwords described above spelled backward, in caps, or otherwise disguised.

• Don't use an all-numeric password.

• Don't use a sample password, no matter how good, that you've gotten from a book that discusses computer security.

Linux prevents users from picking the worst kinds of passwords by applying many of the rules listed in the sidebar to reject bad passwords. Passwords are chosen with the passwd command. Linux tests the password entered by the user at the passwd prompt in several different ways. Listing 12.5 is an example of Red Hat using the pam_cracklib module to block the selection of some bad passwords.

Listing 12.5: Linux Rejects Weak Passwords

$ passwd
Changing password for craig
(current) UNIX password:
New UNIX password:
BAD PASSWORD: it is derived from your password entry
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
New UNIX password:
BAD PASSWORD: it is too short
passwd: Authentication token manipulation error
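To show how the sidebar rules and the three rejections in Listing 12.5 can be applied mechanically, here is an added example checker (not pam_cracklib's own code, and not from the book). It assumes the rule thresholds and the reason strings; the dictionary-word check is omitted because it needs a word list.

```python
import re

# Constructed approximation of the checks the text attributes to pam_cracklib.
# This is added example code, not the PAM module itself; the rule set, the
# thresholds and the reason strings (matched to Listing 12.5 where possible)
# are assumptions.

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _account_tokens(login, gecos):
    """Words taken from the account entry: login name, GECOS words, initials."""
    words = [w.lower() for w in [login] + re.split(r"[\s,]+", gecos) if w]
    initials = "".join(w[0] for w in words)
    return set(words + [initials])


def _is_systematic(pw):
    """True for keyboard runs, near-constant strings and single-step sequences."""
    low = pw.lower()
    if len(set(low)) <= 2:                      # e.g. "aaaaaaaa", "abababab"
        return True
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - 3):
            window = row[i:i + 4]
            if window in low or window[::-1] in low:   # "qwer", "rewq", ...
                return True
    steps = {ord(b) - ord(a) for a, b in zip(low, low[1:])}
    return steps <= {-1, 0, 1} and len(steps) == 1   # "abcdefgh", "hgfedcba"


def check_password(pw, login, gecos="", min_len=8):
    """Return None if the password is acceptable, else the rejection reason."""
    low = pw.lower()
    if len(pw) < min_len:
        return "it is too short"
    # Sidebar: nothing associated with the account, forward or reversed.
    for tok in _account_tokens(login, gecos):
        if len(tok) >= 3 and (tok in low or tok[::-1] in low):
            return "it is derived from your password entry"
    if pw.isdigit():
        return "it is all numeric"
    if _is_systematic(pw):
        return "it is too simplistic/systematic"
    # Sidebar: mix numbers, special characters and mixed-case letters.
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if sum(classes) < 3:
        return "it does not mix enough character classes"
    return None
```

Feeding it the login name craig with a GECOS of "Craig Hunt" reproduces the three rejections from the listing, and a first-letters-of-a-line password such as "Tbontbtitq!" passes.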

Although Linux does its best to make sure you use a good password, no matter how good a password is, it is useless if someone steals it. Because the passwords are transmitted over the network as clear text, they are very easy to steal.

Two packages that can prevent thieves from stealing passwords off of the wire are described later in this section. However, passwords do not have to be stolen off of the wire. If passwords are stored in the /etc/passwd file, the entire file can be read by anyone on the system and subjected to a "dictionary attack." In a dictionary attack, a large selection of possible passwords is encrypted using the same method of encryption that is used for passwords, and the result of the encryption is compared to the passwords stored in the /etc/passwd file. When the encrypted values match, you know the original password because you know the string you used to create the encrypted value.

Even when good encryption is used for passwords stored in the passwd file, if passwords are poorly chosen, they are susceptible to a dictionary attack. The first line of defense against this problem is to store the encrypted passwords in a file that is not world-readable.
