Modern Operating Systems by Herbert Bos and Andrew S. Tanenbaum, 4th Ed. (Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf)
630 SECURITY CHAP. 9
otherwise weak password enable attackers to harvest a large number of accounts, sometimes with full administrator rights.
UNIX Password Security
Some (older) operating systems keep the password file on the disk in unencrypted form, but protected by the usual system protection mechanisms. Having all the passwords in a disk file in unencrypted form is just looking for trouble because all too often many people have access to it. These may include system administrators, machine operators, maintenance personnel, programmers, management, and maybe even some secretaries.
A better solution, used in UNIX systems, works like this. The login program asks the user to type his name and password. The password is immediately "encrypted" by using it as a key to encrypt a fixed block of data. Effectively, a one-way function is being run, with the password as input and a function of the password as output. This process is not really encryption, but it is easier to speak of it as encryption. The login program then reads the password file, which is just a series of ASCII lines, one per user, until it finds the line containing the user's login name. If the (encrypted) password contained in this line matches the encrypted password just computed, the login is permitted, otherwise it is refused. The advantage of this scheme is that no one, not even the superuser, can look up any users' passwords because they are not stored in unencrypted form anywhere in the system. For illustration purposes, we assume for now that the encrypted password is stored in the password file itself. Later, we will see, this is no longer the case for modern variants of UNIX.
If the attacker manages to get hold of the encrypted password, the scheme can be attacked, as follows. A cracker first builds a dictionary of likely passwords the way Morris and Thompson did. At leisure, these are encrypted using the known algorithm. It does not matter how long this process takes because it is done in advance of the break-in. Now armed with a list of (password, encrypted password) pairs, the cracker strikes. He reads the (publicly accessible) password file and strips out all the encrypted passwords. These are compared to the encrypted passwords in his list. For every hit, the login name and unencrypted password are now known. A simple shell script can automate this process so it can be carried out in a fraction of a second. A typical run of the script will yield dozens of passwords.
After recognizing the possibility of this attack, Morris and Thompson described a technique that renders the attack almost useless. Their idea is to associate an n-bit random number, called the salt, with each password. The random number is changed whenever the password is changed. The random number is stored in the password file in unencrypted form, so that everyone can read it. Instead of just storing the encrypted password in the password file, the password and the random number are first concatenated and then encrypted together. This encrypted result is then stored in the password file, as shown in Fig. 9-18 for a password file with five

