ch10.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 156 行

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>

<HEAD>
	
	<TITLE>Maximum Security -- Ch 10 -- Password Crackers</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<P><A HREF="../ch09/ch09.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch11/ch11.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> 
<HR>

</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">10</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">Password Crackers</FONT></H1>
</CENTER>
<P>This chapter examines password crackers. Because these tools are of such significance
in security, I will cover many different types, including those not expressly designed
to crack Internet-related passwords.
<H2><FONT COLOR="#000077"><B>What Is a Password Cracker?</B></FONT></H2>
<P>The term <I>password cracker</I> can be misinterpreted, so I want to define it
here. A password cracker is any program that can decrypt passwords or otherwise disable
password protection. A password cracker need not decrypt anything. In fact, most
of them don't. Real encrypted passwords, as you will shortly learn, cannot be reverse-decrypted.</P>
<P>A more precise way to explain this is as follows: encrypted passwords cannot be
decrypted. Most modern, technical encryption processes are now one-way (that is,
there is no process to be executed in reverse that will reveal the password in plain
text).</P>
<P>Instead, simulation tools are used, utilizing the same algorithm as the original
password program. Through a comparative analysis, these tools try to match encrypted
versions of the password to the original (this is explained a bit later in this chapter).
Many so-called password crackers are nothing but brute-force engines--programs that
try word after word, often at high speeds. These rely on the theory that eventually,
you will encounter the right word or phrase. This theory has been proven to be sound,
primarily due to the factor of human laziness. Humans simply do not take care to
create strong passwords. However, this is not always the user's fault:

<DL>
	<DD>Users are rarely, if ever, educated as to what are wise choices for passwords.
	If a password is in the dictionary, it is extremely vulnerable to being cracked,
	and users are simply not coached as to &quot;safe&quot; choices for passwords. Of
	those users who are so educated, many think that simply because their password is
	not in <TT>/usr/dict/words</TT>, it is safe from detection. Many users also say that
	because they do not have private files online, they are not concerned with the security
	of their account, little realizing that by providing an entry point to the system
	they allow damage to be wrought on their entire system by a malicious cracker.<FONT
	SIZE="1"><SUP>1</SUP></FONT>
</DL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT SIZE="1"><SUP>1</SUP></FONT>Daniel V. Klein, <I>A Survey of, and Improvements
	to, Password Security</I>. Software Engineering Institute, Carnegie Mellon University,
	Pennsylvania. (PostScript creation date reported: February 22, 1991.) 
<HR>


</BLOCKQUOTE>


<DL>
	<DD>
</DL>

<P>The problem is a persistent one, despite the fact that password security education
demands minimal resources. It is puzzling how such a critical security issue (which
can easily be addressed) is often overlooked. The issue goes to the very core of
security:

<DL>
	<DD>...exploiting ill-chosen and poorly-protected passwords is one of the most common
	attacks on system security used by crackers. Almost every multi-user system uses
	passwords to protect against unauthorized logons, but comparatively few installations
	use them properly. The problem is universal in nature, not system-specific; and the
	solutions are simple, inexpensive, and applicable to any computer, regardless of
	operating system or hardware. They can be understood by anyone, and it doesn't take
	an administrator or a systems programmer to implement them.<FONT SIZE="1"><SUP>2</SUP></FONT>
</DL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT SIZE="1"><SUP>2</SUP></FONT>K. Coady. <I>Understanding Password Security For
	Users on &amp; offline. </I>New England Telecommuting Newsletter, 1991. 
<HR>


</BLOCKQUOTE>


<DL>
	<DD>
</DL>

<P>In any event, I want to define even further the range of this chapter. For our
purposes, people who provide registration passwords or CD keys are<I> not</I> password
crackers, nor are they particularly relevant here. Individuals who copy common registration
numbers and provide them over the Internet are pirates. I discuss these individuals
(and yes, I point to some sites) at the end of this chapter. Nevertheless, these
people (and the files they distribute, which often contain thousands of registration
numbers) do not qualify as password crackers.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>These registration numbers and programs
	that circumvent password protection are often called <I>cracks</I>. A Usenet newsgroup
	has actually been devoted to providing such passwords and registration numbers. Not
	surprisingly, within this newsgroup, many registration numbers are routinely trafficked,
	and the software to which they apply is also often posted there. That newsgroup is
	appropriately called <A HREF="news:alt.cracks"><TT>alt.cracks</TT></A>. 
<HR>


</BLOCKQUOTE>

<P>The only exception to this rule is a program designed to subvert early implementations
of the Microsoft CD key validation scheme (although the author of the source code
did not intend that the program be used as a piracy tool). Some explanation is in
order.</P>
<P>As part of its anti-piracy effort, Microsoft developed a method of consumer authentication
that makes use of the CD key. When installing a Microsoft product for the first time,
users are confronted by a dialog box that requests the CD key. This is a challenge
to you; if you have a valid key, the software continues to install and all is well.
If, however, you provide an invalid key, the installation routine exits on error,
explaining that the CD key is invalid.</P>
<P>Several individuals examined the key validation scheme and concluded that it was
poorly designed. One programmer, Donald Moore, determined that through the following
procedure, a fictional key could be tested for authenticity. His formula is sound
and basically involves these steps:

<DL>
	<DD><B>1. </B>Take all numbers that are trivial and irrelevant to the key and discard
	them.