Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[SOLVED] Password hashes under Debian?

New to Debian (Or Linux in general)? Ask your questions here!
Message
Author
Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

What is in my /etc/pam.d conf files

#31 Post by Ahtiga Saraz »

  • /etc/pam.d/common-account

    Code: Select all

    account required        pam_unix.so
    # account       required        pam_unix2.so
    
  • /etc/pam.d/common-auth

    Code: Select all

    auth    required        pam_unix.so nullok_secure
    # auth  required        pam_unix2.so
    
  • /etc/pam.d/common-password

    Code: Select all

    # password   required   pam_unix.so nullok obscure md5
    # password   [success=1 default=ignore]   pam_unix2.so blowfish rounds=9999
    # password   [success=1 default=ignore]   pam_unix.so sha256 rounds=9999
    password   [success=1 default=ignore]   pam_unix.so md5 rounds=9999
    
  • /etc/pam.d/common-session - session-related modules common to all services

    Code: Select all

    session required        pam_unix.so
    # session       required        pam_unix2.so
    
The commented out lines give some idea of the changes I have tried without success. No matter what I try, I cannot get even md5 to go through multiple rounds (no matter how few I try), and I cannot get any "hash" algorithm" but md5.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Re: Password hashes under Debian?

#32 Post by Ahtiga Saraz »

OK if I bump this?

I think the question of password hashes is obviously very important for Debian users. So it is very frustrating that I am still unable to coax my oldstable system into using anything but MD-5 with only one round. (I have at least been able to coax it into using a 10 character salt which is stored in the shadow file along with the hash.)
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Re: Password hashes under Debian?

#33 Post by Ahtiga Saraz »

OK if I bump this again?

Despite much effort, I am still stuck with salted but uniterated MD-5 hashes.

Passwords are only the first line of defence, but the first line is very important when you do not really have a strategy of "defense in depth".

Please help me figure this out!
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

How to control how passwords are stored under Squeeze

#34 Post by Ahtiga Saraz »

I think I finally have an unofficial answer for Squeeze users. This procedure doesn't work on my Lenny system for some reason, but I have tested it on a Debian 6.0.1a (Squeeze) installation.

In a shell, as root, examine /etc/shadow. From the form of the lines corresponding to your ordinary user, you should be able to see from the first field (the fields are separated by colons) how passwords are stored in "obscured form" in /etc/shadow. Even if an intruder is able to retrieve your /etc/shadow, our goal is to ensure that he will have a hard time recovering user passwords from what is stored there.

According to my best current understanding:
  • in each line corresponding to a user who is allowed to access a login shell, the first field probably has form $1$string$string, where the one digit code names the algorithm used to store a "hashed" password, the first string is a salt (probably 8 characters long), and the second string is the "hashed" password,
  • the algorithm codes are:
    • $1 means MD-5
    • $2 means the original blowfish block cipher algorithm, used here for storing passwords
    • $2a means eksblowfish, the version specially modified for storing passwords (runs very slowly by design)
    • $3 ???
    • $4 ???
    • $5 means SHA-256
    • $6 means SHA-512
This understanding is correct according to the source of all questionable wisdom, if that means anything.

It seems that in Debian 6.0.1a (Squeeze), by default /etc/pam.d/common-password has the line

Code: Select all

password  [ success=1 default=ignore  ]  pam_unix.so obscure sha512
So by default, passwords are stored with salted SHA-512"hash", where the salt is some 8 char publically known string, but no iterations. Furthermore, it seems that even if you install from CD-1 offline, your new Squeeze system knows about SHA-512, which is very good. If you want more rounds change this to

Code: Select all

password  [ success=1 default=ignore  ]  pam_unix.so obscure sha512 rounds=1000
You can use any positive integer, I think, and 1000 might not be the best choice. This method of iterating a hash function many times is called key stretching.

Next, exit from su, and check with whoami that you are once again functioning as your ordinary user. Now change your password by calling passwd and giving your old password then your new one.

Next, su back to root and look at /etc/shadow. You should now see that the line for your ordinary user begins with

Code: Select all

$6$rounds=1000$8_char_salt$long_string_which_is_your_hashed_password
This means: use SHA-512 algorithm with the given 8 character string as salt, and iterate 1000 times. That is thought to be adequate to defeat rainbow table attacks.

Next, change the root login password and the login passwords of any other ordinary users on your system.

Iterating 1000 times shouldn't cause any usability problems since this doesn't take long by human standards, and you probably don't type in your user login password very often. I think it is true to say that iterating SHA-512 is an inelegant brute force solution to the problem that "integrity check" hash algorithms (which should be fast) like MD-5, SHA-256, SHA-512 are not well suited to serve as "cryptographic" hash algorithms (which should be slow, and have other characteristics conducive to cryptographic strength).

You can now try logging in as your ordinary user. Here is what I think happens: as per the pam_unix.so library, you are prompted for your login password. The 8 char salt found (in cleartext) in /etc/shadow is appended to the string you type, then SHA-512 is applied 1000 times. The result is then compared to the long string found in /etc/shadow in the entry for your ordinary user. And if the strings agree, you are logged in.

There is an open source implemention, discussed above, of ek2sblowfish, which takes more work to achieve in Squeeze, but may not be much stronger than simply iterating SHA-512 approximately 1000 times. To use this method for storing passwords securely, I think you need to do something like this:
  • download the appropriate package implementing eksblowfish
  • change pam_unix.so to pam_unix2.so in the files in /etc/pam.d
  • indicate change sha512 to blowfish in your /etc/pam.d/common-password
I have not tested this, though, so this probably needs some further tweaking.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

scruffyeagle
Posts: 73
Joined: 2011-09-06 19:11

Re: [SOLVED] Password hashes under Debian?

#35 Post by scruffyeagle »

I won't pretend to have understood very much of this thread, but I did read all the posts before commenting. I just had one thing to contribute: If you don't like the fact that 1000 breaks down into small number factors, use a prime number as the iterations setting.
.
A.I. - an emergent life form, within an unacknowledged Domain. Expect competition for resources.

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Re: [SOLVED] Password hashes under Debian?

#36 Post by Ahtiga Saraz »

@Caisyy:

Sounds like you replaced a line in a configuration file, but which file?

@scruffyeagle:

Yes, we had the same thought.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

Post Reply