SYSDA lecture 3

Computer security basics
Authentication is essentially verifying an identity

The identifier presented will often be an account name
So for University computers, I sign in with my username and the matching password

Note that passwords stored on file systems can be recovered by digital investigators
even encryption keys!


Local passwords (UNIX)

In traditional UNIX, a file called /etc/passwd contains the authentication information for local accounts

It does not store the password itself, but a hash of the password
The hash is calculated through a one-way function

So the password “superman” gives a hash, and this hash is what is stored on the system
There is no known way to invert this function
One can, however, find a match: hash a guess and compare it with the stored value

So a login has to match on both the username and the password hash
If my password is “superman” and so is Sarah’s, the stored hashes will still differ, because a different random value (the salt, see below) is mixed into each one
This is a security feature: otherwise a database of hashes for common passwords could be computed once and reused against everyone!

Taken directly from lecture:
username  The user (login) name
passwd  The hashed password
UID  Numerical user ID
GID  Numerical default group ID
name  The user's full name
directory  User's home directory
shell  User's login shell

All of these are on a single colon-separated line for every account

Important note: dictionary attacks are possible
Go through the words in a dictionary, applying the known hash algorithm (and the user’s salt) to each one
Will eventually find a word which gives the same hash; that word is therefore the password (or one that is accepted in its place)

Let’s say the hash on George’s account was AlD4E with password “superman”
Typing “supermann” gives hash fGr3E, for example
But typing “superman” gives the same hash as stored, AlD4E
Would therefore know it’s a match

Salt strings: a random string combined with the user’s password before being fed to the hash function
A pre-computed table would no longer work, as every entry in the passwd file has a different salt

BUT

This is not a full safety method: the salt only defeats precomputation, a dictionary attack still works, it just has to be repeated once per salt
The stored field may look like this:
$6$R9gjcJgJkZM$dADFBVRALpTAcl72JHXb.Q3A6tPctM.LRM9q2NDbXB.WL3QIbVy6O19hJJh4r1Ul0Rn.vPSeOX2gkEaeMsoBH0

Note that the 6 identifies the hash algorithm (SHA-512 crypt)
The string between the 2nd and 3rd $ signs is the random salt
The rest is the hash of the salt plus the user’s password; the salt is stored in the clear because the system needs it to check a login
Lab session will explore how having this string still allows password cracking

Security awareness led to the hashes being moved out of /etc/passwd into /etc/shadow, which is only readable by the superuser (root); /etc/passwd stays world-readable because many programs need the UID, GID and shell information, and its password field now just holds an x
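Added worked example (not from the lecture): a Python script that parses passwd-format lines into the seven fields listed above, splits a $id$salt$hash string such as the one shown into its parts, and runs the dictionary attack against salted hashes. The passwd lines, user names, salts and word list are constructed for the example. Because Python’s crypt module has been removed from recent versions, the salted hash here is a toy (one SHA-512 over salt + password, labelled with the id "toy"), not the real SHA-512 crypt, which iterates thousands of times; the parsing and the attack loop are the same as for the real thing.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Constructed sample of /etc/passwd: seven colon-separated fields per line.
# An "x" in the passwd field means the real hash lives in /etc/shadow.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
george:x:1001:1001:George Example:/home/george:/bin/bash
sarah:x:1002:1002:Sarah Example:/home/sarah:/bin/zsh
"""

PASSWD_FIELDS = ("username", "passwd", "uid", "gid", "name", "directory", "shell")


def parse_passwd(text: str) -> Dict[str, dict]:
    """Parse passwd-format text into {username: {field: value}}."""
    accounts: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(PASSWD_FIELDS):
            raise ValueError(f"expected 7 fields, got {len(parts)}: {line!r}")
        entry = dict(zip(PASSWD_FIELDS, parts))
        entry["uid"] = int(entry["uid"])
        entry["gid"] = int(entry["gid"])
        accounts[entry["username"]] = entry
    return accounts


def split_crypt_string(stored: str) -> Tuple[str, str, str]:
    """Split a crypt(3)-style "$id$salt$hash" field into (id, salt, hash).

    id "6" is SHA-512 crypt, "5" is SHA-256 crypt, "1" is MD5 crypt. glibc may
    also insert a "rounds=N" element after the id; it is skipped here.
    """
    parts = stored.split("$")
    if len(parts) == 5 and parts[2].startswith("rounds="):
        del parts[2]
    if len(parts) != 4 or parts[0] != "" or not parts[2]:
        raise ValueError(f"not a $id$salt$hash string: {stored!r}")
    return parts[1], parts[2], parts[3]


def toy_salted_hash(salt: str, password: str) -> str:
    """Toy stand-in for crypt(3): one SHA-512 over salt + password.

    Real "$6$" hashing runs thousands of iterations; only the salting idea is
    kept here, so the id is "toy" rather than "6".
    """
    digest = hashlib.sha512((salt + password).encode()).hexdigest()
    return f"$toy${salt}${digest}"


# Constructed shadow-style entries: both users chose "superman", but each got
# a different random salt, so the stored strings differ.
SHADOW_SAMPLE = {
    "george": toy_salted_hash("R9gjcJgJkZM", "superman"),
    "sarah": toy_salted_hash("k2Lp0QwErTy", "superman"),
}

# Constructed word list; a real attack would use a large dictionary file.
WORDLIST = ["password", "letmein", "supermann", "superman", "batman"]


def dictionary_attack(shadow: Dict[str, str], wordlist: List[str]) -> Dict[str, Optional[str]]:
    """Hash every candidate word with each user's own salt and compare.

    The salt defeats a precomputed table, but not this loop: the work is simply
    repeated once per salt, which is why weak passwords still fall.
    """
    found: Dict[str, Optional[str]] = {}
    for user, stored in shadow.items():
        hash_id, salt, _digest = split_crypt_string(stored)
        if hash_id != "toy":
            raise NotImplementedError(f"only the toy scheme is implemented, got id {hash_id!r}")
        found[user] = None
        for word in wordlist:
            if toy_salted_hash(salt, word) == stored:
                found[user] = word
                break
    return found


if __name__ == "__main__":
    for name, entry in parse_passwd(PASSWD_SAMPLE).items():
        print(name, entry["uid"], entry["shell"])
    print(dictionary_attack(SHADOW_SAMPLE, WORDLIST))
```

Run it and both accounts are recovered even though their stored strings look nothing alike; swap toy_salted_hash for a real crypt(3) call and the same loop cracks genuine $6$ entries, only much more slowly per guess.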

Local passwords in windows

The role of the password file is taken by the SAM (Security Accounts Manager)
The SAM is stored in the Windows registry, as its own hive

This may store up to two different hashes for each user’s password: LANMAN (LM) and NT
These hashes are stored without salt, so an optimised search for passwords is easy: a table computed once works against every user on every machine, and two users with the same password have the same hash. The LM hash is weaker still (case-insensitive, split into two 7-character halves) and is no longer stored by default on modern Windows versions
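Added worked example (not from the lecture): the NT hash is MD4 over the UTF-16LE encoding of the password with no salt, and this Python script shows why that matters. It carries its own MD4 (hashlib often ships without it), builds a lookup table from a word list once, and then cracks a constructed SAM-style dump with a single dictionary lookup per user; the user names, passwords and word list are constructed, and the LM hash is not implemented.

```python
import struct
from typing import Dict, List, Optional


def _lrot(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320, written out because hashlib may lack it (legacy provider)."""
    mask = 0xFFFFFFFF
    bit_len = (len(data) * 8) & 0xFFFFFFFFFFFFFFFF
    data = data + b"\x80"
    data += b"\x00" * ((56 - len(data) % 64) % 64)
    data += struct.pack("<Q", bit_len)          # length in bits, little-endian
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    for off in range(0, len(data), 64):
        x = struct.unpack("<16I", data[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(16):  # round 1
            a, b, c, d = d, _lrot((a + f(b, c, d) + x[i]) & mask, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            k = (i % 4) * 4 + i // 4
            a, b, c, d = d, _lrot((a + g(b, c, d) + x[k] + 0x5A827999) & mask, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a, b, c, d = d, _lrot((a + h(b, c, d) + x[k] + 0x6ED9EBA1) & mask, (3, 9, 11, 15)[i % 4]), b, c
        a0, b0, c0, d0 = (a0 + a) & mask, (b0 + b) & mask, (c0 + c) & mask, (d0 + d) & mask
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> str:
    """NT hash: MD4 of the UTF-16LE password. No salt, no per-user input."""
    return md4(password.encode("utf-16-le")).hex()


# Constructed SAM-style dump of NT hashes: two users chose the same password.
SAM_SAMPLE = {
    "alice": nt_hash("password"),
    "bob": nt_hash("superman"),
    "carol": nt_hash("password"),
}

# Constructed word list; a real attack would use a large dictionary or rainbow table.
WORDLIST = ["letmein", "password", "superman", "batman", "qwerty"]


def build_lookup_table(wordlist: List[str]) -> Dict[str, str]:
    """Hash the word list once. With no salt this table serves every user and
    every machine, which is exactly what the UNIX salt prevents."""
    return {nt_hash(word): word for word in wordlist}


def crack_with_table(sam: Dict[str, str], table: Dict[str, str]) -> Dict[str, Optional[str]]:
    """One dictionary lookup per user; no re-hashing at all."""
    return {user: table.get(stored.lower()) for user, stored in sam.items()}


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    for user, stored in SAM_SAMPLE.items():
        print(user, stored, "->", crack_with_table({user: stored}, table)[user])
```

Notice that alice and carol have byte-identical hashes before any cracking starts, so a dump alone already reveals who shares a password; with the salted UNIX scheme the attacker must redo the hashing for each account instead of reusing one table.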

Access control
Users are limited in what they are able to do
At uni, would not want students having admin rights

In UNIX, can make groups and then allocate rights to those groups

Example of a UNIX permission
rwx rw- r--

means the owner (user) can read, write and execute
the group can read and write
the world (everyone else) can only read

The classes are checked in order, owner, then group, then other, and only the first class that matches applies: an owner is judged by the owner bits alone, even if the group or world bits are more generous
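Added worked example (not from the lecture): a Python script that converts the symbolic form above to and from the numeric mode and implements the owner/group/other check, including the two details that trip people up: only the first matching class counts, and root bypasses read/write checks but still needs at least one x bit to execute. The UIDs and GIDs used are constructed.

```python
import stat
from typing import Iterable

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def parse_mode(symbolic: str) -> int:
    """Turn 'rwx rw- r--' (spaces optional) into an integer mode such as 0o764."""
    s = symbolic.replace(" ", "")
    if len(s) != 9:
        raise ValueError(f"expected 9 permission characters, got {symbolic!r}")
    mode = 0
    for i, ch in enumerate(s):
        expected = "rwx"[i % 3]          # each triple is r, w, x in that order
        if ch == expected:
            mode |= 1 << (8 - i)         # position 0 is the owner's r bit (0o400)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i} in {symbolic!r}")
    return mode


def format_mode(mode: int) -> str:
    """Inverse of parse_mode, grouped the way the lecture writes it: 'rwx rw- r--'."""
    text = stat.filemode(stat.S_IFREG | (mode & 0o777))[1:]   # drop the file-type char
    return " ".join(text[i:i + 3] for i in (0, 3, 6))


def can_access(mode: int, owner_uid: int, owner_gid: int,
               uid: int, gids: Iterable[int], perm: str) -> bool:
    """Classic UNIX discretionary check for a regular file.

    Only the first matching class counts: an owner is judged by the owner bits
    even when the group or world bits are more generous. Root bypasses the
    read/write checks; for execute it still needs at least one x bit set.
    """
    bit = PERM_BITS[perm]
    if uid == 0:
        return perm != "x" or bool(mode & 0o111)
    if uid == owner_uid:
        shift = 6          # owner bits
    elif owner_gid in set(gids):
        shift = 3          # group bits
    else:
        shift = 0          # other (world) bits
    return bool((mode >> shift) & bit)


if __name__ == "__main__":
    mode = parse_mode("rwx rw- r--")
    print(oct(mode), format_mode(mode))
    # Constructed ids: file owned by uid 1001 / gid 1001; uid 1002 is in group 1001.
    for who, uid, gids in (("owner", 1001, [1001]), ("group", 1002, [1002, 1001]), ("other", 2000, [2000])):
        print(who, {p: can_access(mode, 1001, 1001, uid, gids, p) for p in "rwx"})
```

The last assertion in the test is the classic surprise: a file set to r-- rwx rwx cannot be written by its owner, because the owner class matched first and its bits say read-only, while every other user on the system can write it.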


Can read further on this in Tanenbaum, “Modern Operating Systems”, chapter 9
