Page 1476 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Dictionary Attacks


               As mentioned previously, many Unix systems store encrypted versions
               of user passwords in an /etc/shadow file accessible to all system users.
               To provide some level of security, the file doesn’t contain the actual
               user passwords; it contains a hashed version obtained from a one-way
               hash function (see Chapter 7, “PKI and Cryptographic Applications,”
               for a discussion of hash functions). When a user attempts to log on to
               the system, access verification routines use the same hash function to
               hash the password entered by the user and then compare it with the
               hashed version of the actual password stored in the /etc/shadow file. If
               the values match, the user is allowed access.

               Password attackers use tools like John the Ripper to run
               automated dictionary attacks that exploit a simple vulnerability in this
               mechanism. They take a large dictionary file that contains thousands
               of words and then run the encryption function against all those words
               to obtain their encrypted equivalents. John the Ripper then searches
               the password file for any encrypted values for which there is a match
               in the encrypted dictionary. When a match is found, it reports the
               username and password (in plain text), and the attacker gains access
               to the system.


               It sounds like simple security mechanisms and education would
               prevent users from using passwords that are easily guessed by John
               the Ripper, but the tool is surprisingly effective at compromising live
               systems. As new versions of cracking tools are released, more
               advanced features are introduced to counter common techniques used
               by users to defeat password complexity rules. Some of these are
               included in the following list:


                    Rearranging the letters of a dictionary word

                    Appending a number to a dictionary word

                    Replacing each occurrence of the letter O in a dictionary word with
                    the number 0 (or the letter l with the number 1)

                    Combining two dictionary words in some form
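
A defender can apply the same four transformations when screening new passwords, rejecting any candidate that reduces to a dictionary word. The following Python check is an added example, not part of the study guide; the word list is a constructed sample and the name `dictionary_variant` is hypothetical.

```python
# Added example: reject new passwords that are simple variants of dictionary words.
# WORDS is a constructed sample; a real check would load a full dictionary file.
WORDS = {"password", "dragon", "monkey", "cool", "blue", "sky"}

# Undo the digit-for-letter swaps named in the list above (0 for O, 1 for l).
UNSWAP = str.maketrans("01", "ol")


def dictionary_variant(password, words=WORDS):
    """Return which transformation links the password to a word, or None."""
    pw = password.lower()
    if pw in words:
        return "dictionary word"
    if pw.translate(UNSWAP) in words:
        return "character substitution"
    # Appended number: drop trailing digits, then retry both lookups.
    base = pw.rstrip("0123456789")
    if base != pw and (base in words or base.translate(UNSWAP) in words):
        return "appended number"
    # Rearranged letters: same multiset of characters as a dictionary word.
    if "".join(sorted(pw)) in {"".join(sorted(w)) for w in words}:
        return "rearranged letters"
    # Two words combined: some split point yields two dictionary words.
    if any(pw[:i] in words and pw[i:] in words for i in range(1, len(pw))):
        return "two words combined"
    return None


if __name__ == "__main__":
    for candidate in ("Passw0rd", "monkey42", "nogard", "bluesky", "xT9#qLm2vR"):
        print(candidate, "->", dictionary_variant(candidate))
```
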

               Rainbow table attacks are a variant on dictionary attacks designed to