These tools are so significant in security that I will cover many different types, including some not expressly designed to crack Internet-related passwords.
What Is a Password Cracker?
The term password cracker is easy to misinterpret, so I want to define it here. A password cracker is any program that recovers passwords or otherwise defeats password protection. A password cracker need not decrypt anything, and in fact most of them do not. Stored passwords, as you will shortly learn, are not encrypted in the usual sense at all: they are run through a one-way function, and the stored result cannot be turned back into the password.
A more precise way to put it is this: stored passwords cannot be decrypted, because modern password-storage schemes are one-way (there is no operation that, run in reverse, yields the password in plain text). Instead, a cracking tool uses the same one-way algorithm as the original login program. It feeds candidate words through that algorithm and compares each result with the stored value; a match means the candidate is the password (this is explained in detail later in this chapter). Many so-called password crackers are nothing but brute-force engines: programs that try word after word, often at very high speed, on the theory that eventually one of them will be the right word or phrase. That theory has proven sound, primarily because of human laziness. People simply do not take care to create strong passwords. However, this is not always the user's fault:
Users are rarely, if ever, educated as to what are wise choices for passwords. If a password is in the dictionary, it is extremely vulnerable to being cracked, and users are simply not coached as to "safe" choices for passwords. Of those users who are so educated, many think that simply because their password is not in /usr/dict/words, it is safe from detection. Many users also say that because they do not have private files online, they are not concerned with the security of their account, little realizing that by providing an entry point to the system they allow damage to be wrought on their entire system by a malicious cracker.1
1Daniel V. Klein, A Survey of, and Improvements to, Password Security. Software Engineering Institute, Carnegie Mellon University, Pennsylvania. (PostScript creation date reported: February 22, 1991.)
The problem is a persistent one, even though password-security education demands minimal resources. It is puzzling that such a critical security issue, which can be addressed cheaply, is so often overlooked. The issue goes to the very core of security:
...exploiting ill-chosen and poorly-protected passwords is one of the most common attacks on system security used by crackers. Almost every multi-user system uses passwords to protect against unauthorized logons, but comparatively few installations use them properly. The problem is universal in nature, not system-specific; and the solutions are simple, inexpensive, and applicable to any computer, regardless of operating system or hardware. They can be understood by anyone, and it doesn't take an administrator or a systems programmer to implement them.2
2K. Coady. Understanding Password Security For Users on & offline. New England Telecommuting Newsletter, 1991.
In any event, I want to narrow the scope of this chapter further. For our purposes, people who provide registration passwords or CD keys are not password crackers, nor are they particularly relevant here. Individuals who copy common registration numbers and distribute them over the Internet are pirates. I discuss these individuals (and yes, I point to some sites) at the end of this chapter. Nevertheless, these people (and the files they distribute, which often contain thousands of registration numbers) do not qualify as password crackers.
NOTE: These registration numbers and programs that circumvent password protection are often called cracks. A Usenet newsgroup has actually been devoted to providing such passwords and registration numbers. Not surprisingly, many registration numbers are routinely trafficked within this newsgroup, and the software to which they apply is often posted there as well. That newsgroup is appropriately called alt.cracks.
The only exception to this rule is a program designed to subvert early implementations of the Microsoft CD key validation scheme (although the author of the source code did not intend that the program be used as a piracy tool). Some explanation is in order.
As part of its anti-piracy effort, Microsoft developed a method of consumer authentication that makes use of the CD key. When installing a Microsoft product for the first time, the user is confronted by a dialog box that requests the CD key. If you supply a valid key, the installation continues and all is well. If you supply an invalid key, the installation routine exits with an error explaining that the CD key is invalid.
Several individuals examined the key validation scheme and concluded that it was poorly designed. One programmer, Donald Moore, determined that a made-up key could be tested for validity with the following procedure:
1. Discard the digits of the key that are irrelevant to the check.
2. Add the remaining numbers together.
3. Divide the result by 7.
Examine the result as a decimal number. If it has no fractional part (nothing to the right of the decimal point), the key is valid. If it has a fractional part, the key is invalid. In other words, the entire check is that the sum of the relevant digits is divisible by 7. That is a checksum, not a secret: anyone who knows the rule can write down a key that passes.
Moore then designed a small program that would automate this process.
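As an added illustration (this is not Moore's program, nor Microsoft's code), the following Python implements the check exactly as the text describes it. The page does not say which digits of a key are the "trivial" ones discarded in step 1, so the function takes whatever digits survive that step, and all inputs are constructed for the example. It also shows why the design is weak: since only divisibility by 7 is tested, a check digit can be computed for any prefix, and roughly one random digit string in seven passes without any help at all.

```python
# Added example: the checksum-style key test described above, in Python.
# This is NOT Moore's program and it is not Microsoft's code. The page does
# not say which digits of a key are "trivial and irrelevant"; this example
# therefore works on whatever digits the caller has kept after step 1.
import random


def key_digits_ok(digits: str) -> bool:
    """Steps 2 and 3 of the procedure: add the kept digits and test
    whether the total divides by 7 with no remainder."""
    return digits.isdigit() and sum(int(d) for d in digits) % 7 == 0


def forge_digits(prefix: str) -> str:
    """Why the check is weak: given any digits, one extra 'check digit'
    chosen as (-sum) mod 7 makes the whole string pass."""
    if not prefix.isdigit():
        raise ValueError("digits only")
    check = (-sum(int(d) for d in prefix)) % 7   # always 0..6, a single digit
    return prefix + str(check)


def acceptance_rate(length: int = 7, trials: int = 70_000, seed: int = 0) -> float:
    """Fraction of uniformly random digit strings that pass. A divisibility-by-7
    test lets through about one candidate in seven, so random guessing alone
    produces a 'valid' key after a handful of tries."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        candidate = "".join(str(rng.randrange(10)) for _ in range(length))
        if key_digits_ok(candidate):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    forged = forge_digits("123456")           # constructed input
    print(forged, key_digits_ok(forged))      # a 7-digit string that passes
    print(f"random keys accepted: {acceptance_rate():.3f}")
```

The point of acceptance_rate() is that a validation step which accepts a fixed fraction of all inputs, independent of any secret, only stops people who do not know the rule.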
Cross Reference: Moore's complete explanation and analysis of the CD key validation routine is located at http://www.apexsc.com/vb/lib/lib3.html.
Moore also posted the source code to the Internet, written in garden-variety C. I have compiled this code on several platforms (DOS, NT, Linux, and AIX) and it works equally well on all of them. I have found the utility quite valuable, because I often lose my CD keys.
Cross Reference: The source code is located at http://www.futureone.com/~damaged/PC/Microsoft_CD_Key/mscdsrc.html.
This type of utility, I feel, qualifies for this chapter as a form of password cracker. I suspect that some of you will use it to subvert CD key validation. However, to do so you must first know a bit of C (and have a compiler available). My feeling is that if you have these tools, your level of expertise is high indeed, and you are probably beyond stealing software from Microsoft. (I hope.)
NOTE: Microsoft's method of protecting upgrade packages is also easily bypassed. Upgrades install as long as you have the first disk of a previous version of the specified software. Therefore, a user who obtains the first disk of Microsoft Visual Basic Professional 3.0, for example, can install the 4.0 upgrade. For this reason, some pirate groups distribute images of that first disk, which are then written to floppies. (In the rare instances when the exact image must appear on the floppy, some people use rawrite.exe or dd.exe, two popular utilities that write an image directly to a floppy sector by sector. This differs from simply copying the files to a floppy.) In addition, it is curious to note that certain upgrade versions of VB will install successfully even without the floppy, provided that Microsoft Office has been installed first.
I should make it clear that I do not condone piracy (even though I feel that many commercial software products are criminally overpriced). I use Linux and GNU. In that respect, I owe much to Linus Torvalds and Richard Stallman. I have no fear of violating the law, because most of the software I use may be freely redistributed to anyone. (Also, I have found Linux to be more stable than many other operating systems that cost hundreds of dollars more.)
Linux and the GNU suite of programs are released under the GNU General Public License. That is, you are free to redistribute them to anyone at any time, and doing so does not violate any agreement with the software authors. Many of these utilities are free counterparts of popular commercial packages, including C and C++ compilers, Web-development tools, and just about anything else you can think of. They are free to anyone who can download them and are, quite frankly, a godsend to anyone studying development.
In any event, the password crackers I will be examining here are exactly that: they crack, destroy, or otherwise subvert passwords. I provide information about registration cracks at the end of the chapter. That established, let's move forward.
How Do Password Crackers Work?
To understand how password crackers work, you need only understand how passwords are stored. Most systems do not store the password itself; they store the output of a cryptographic operation applied to it. Cryptography, in the broadest sense, is the practice of writing in some form of code.
Cryptography
This definition is wide, and I want to narrow it. The etymological root of the word cryptography can help in this regard. Crypto stems from the Greek word kryptos, which described anything hidden, obscured, veiled, secret, or mysterious. Graph is derived from graphia, which means writing. Thus, cryptography is the art of secret writing. An excellent and concise description of cryptography is given by Yaman Akdeniz in his paper Cryptography & Encryption:
Cryptography defined as "the science and study of secret writing," concerns the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception, using codes, ciphers, and other methods, so that only certain people can see the real message.3
3Yaman Akdeniz, Cryptography & Encryption, August 1996, Cyber-Rights & Cyber-Liberties (UK), at http://www.leeds.ac.uk/law/pgs/yaman/cryptog.htm. (Criminal Justice Studies of the Law Faculty of University of Leeds, Leeds LS2 9JT.)
Most stored passwords are subjected to some form of cryptography; that is, the system keeps a transformed version of the password rather than the password itself. To illustrate, let me reduce the idea to its most fundamental form. Imagine that you created your own code, in which each letter of the alphabet corresponds to a number (see Figure 10.1).
FIGURE 10.1.
A primitive example of a code.
In Figure 10.1, there is a table, or legend, to the left. Below each letter is a corresponding number. Thus, A = 7, B = 2, and so forth. This is a code of sorts, similar to the kind seen in the secret-decoder kits children find in cereal boxes. You probably remember them: they came with decoder rings and sometimes even a tiny code book for breaking the code manually.
Unfortunately, such a code is easily broken. If each letter has a fixed numeric counterpart (one that never changes), you are using only 26 distinct numbers (presumably 1 through 26, although they could be chosen arbitrarily). Assume that the message you want to hide contains letters but no numbers. Frequency analysis would reveal your code within seconds: in English text the most common symbol is almost certainly E, the next T, and so on, so each number gives itself away by how often it appears. There are programs that perform such analysis at high speed, searching for the patterns common to your language.
ROT-13
Another method (slightly more complex) replaces each letter with another letter according to a fixed shift up or down the alphabet. To demonstrate, I will use ROT-13 encoding, in which each letter is replaced by the letter 13 positions ahead of it, wrapping from Z back to A (see Figure 10.2). Because 13 is half of 26, applying ROT-13 a second time restores the original text, so the same operation both encodes and decodes.
FIGURE 10.2.
The ROT-13 principle of letter substitution.
This, too, is an ineffective way to hide a message (although a shift-by-three version reportedly served Caesar well enough in Roman times). Programs identify the pattern instantly, and a person can undo it by hand. However, that does not mean techniques like ROT-13 are useless. I want to explain why and, in the process, make the first important point about passwords and encryption generally:

Any form of encryption may be useful, given particular circumstances. Those circumstances depend upon time, the sensitivity of the information, and from whom you want to hide the data.
In other words, ROT-13 may be quite useful under certain circumstances. Here is an example. Suppose a user wants to post a cracking technique to a Usenet group. He or she has found a hole and wants to publicize it while it is still exploitable. To keep bona fide security specialists from discovering the hole as quickly as crackers do, ROT-13 can be used.
Remember how I pointed out that groups like NCSA routinely download Usenet traffic wholesale? Many groups also use popular search engines to ferret out cracker techniques. These engines search by word or phrase (some also accept regular expressions). For example, the searching party (perhaps NCSA, perhaps any interested party) might enter a combination of words such as
crack
hack
vulnerability
hole
When this combination of words is entered correctly, a wealth of information emerges. Correctly can mean many things, because each engine works slightly differently: some give sharper results if the words are enclosed in quotation marks (which sometimes forces a case-sensitive search); many support Boolean expressions; some even offer fuzzy matching, or let you specify whether a word appears adjacent to, before, or after another word or expression.
When the cracker applies the ROT-13 algorithm to a message, such search engines miss the post. For example, the message
Guvf zrffntr jnf rapbqrq va EBG-13 pbqvat. Obl, qvq vg ybbx fperjl hagvy jr haeniryrq vg!
contains none of the words a keyword search would look for and is therefore beyond the reach of the average search engine. Decoded, it reads:
This message was encoded in ROT-13 coding. Boy, did it look screwy until we unraveled it!
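As an added example (not from the book, and independent of any newsreader's built-in ROT-13 feature), here is the shift in Python, together with a word-level keyword match of the sort just described. The encoded sentence is the one quoted above; the short "post" and the keyword list it is tested against are constructed for the example.

```python
# Added example (not from the book): ROT-13 as a keyword-filter dodge.
# ENCODED is the sentence quoted in the text; POST is a constructed example
# of what a cracker might write; KEYWORDS is the list given in the text.
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase


def rot13(text: str) -> str:
    """Shift every ASCII letter 13 places, wrapping around; everything else
    is left alone. Because 13 + 13 = 26, the same function also decodes."""
    out = []
    for ch in text:
        if ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + 13) % 26])
        elif ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + 13) % 26])
        else:
            out.append(ch)
    return "".join(out)


def keyword_hits(text: str, keywords) -> set:
    """The kind of whole-word, case-insensitive match a search engine or a
    monitoring script performs: returns the keywords present in the text."""
    words = {w.strip(string.punctuation).lower() for w in text.split()}
    return {k for k in keywords if k.lower() in words}


KEYWORDS = ["crack", "hack", "vulnerability", "hole"]

ENCODED = ("Guvf zrffntr jnf rapbqrq va EBG-13 pbqvat. "
           "Obl, qvq vg ybbx fperjl hagvy jr haeniryrq vg!")

# Constructed post: the same text in the clear trips the filter; encoded, it does not.
POST = "New hole in the ftp daemon; crack it before the vendor fixes it."


if __name__ == "__main__":
    print(rot13(ENCODED))
    print("clear   :", keyword_hits(POST, KEYWORDS))          # {'hole', 'crack'}
    print("encoded :", keyword_hits(rot13(POST), KEYWORDS))   # set()
```

The second and third lines of output are the whole point: nothing about the message has been hidden from a human reader, only from a search that matches literal words.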
Most modern mail and newsreaders support ROT-13 encoding and decoding (Free Agent by Forte is one; Netscape Navigator's Mail package is another). Again, this is a very simple form of encoding, but it demonstrates the concept. Now, let's get a bit more specific.
DES and Crypt
Many different operating systems are on the Internet. The majority of servers, however, run some form of UNIX. On traditional UNIX systems, all user login IDs and password data are kept in one central place. For many years that place was the file passwd in the directory /etc (/etc/passwd). Each line of the file is a colon-separated record with several fields. Of those, we are concerned with two: the login ID and the password field.
The login ID is stored in plain text, or perfectly readable English. The password is not stored at all: what the file holds is the result of running the password through the crypt(3) library function, which is built on the Data Encryption Standard (DES). The password itself serves as the DES key; the login ID plays no part in the computation. IBM developed the cipher that became DES, and for many years it was the basis of password protection on every UNIX platform. DES was adopted as a federal standard by the National Bureau of Standards, with the involvement of the National Security Agency, and since 1977 it has been the generally accepted method for safeguarding sensitive unclassified data. Figure 10.3 contains a brief timeline of DES development.
FIGURE 10.3.
Brief timeline of the development of DES.
DES was developed primarily for the protection of certain nonclassified information held in federal offices. As set forth in Federal Information Processing Standards Publication 74, Guidelines for Implementing and Using the NBS Data Encryption Standard:
Because of the unavailability of general cryptographic technology outside the national security arena, and because security provisions, including encryption, were needed in unclassified applications involving Federal Government computer systems, NBS initiated a computer security program in 1973 which included the development of a standard for computer data encryption. Since Federal standards impact on the private sector, NBS solicited the interest and cooperation of industry and user communities in this work.
Information about the original design of DES is scarce. Reportedly, at the request of the National Security Agency, IBM had certain design documents classified. (They will likely remain so for some years to come.) However, the source code for crypt(3), the UNIX implementation built on DES, is widely available. This is significant: in all the years that source has been public, no one has found a way to easily reverse the transformation and recover a password from its stored form.
TIP: Want to try your luck at cracking Crypt? Get the source! It comes with the standard GNU distribution of C libraries, which can be found at ftp://gatekeeper.dec.com/glibc-1.09.1.tar.gz. (Please note that if you are not on U.S. soil or within U.S. jurisdiction, you must download the source for Crypt from a site outside the United States. The site usually given for this is ftp://ftp.uni-c.dk./glibc-1.09-crypt.tar.z.)
Implementations of crypt differ in detail. In general, however, the process is as follows:

1. Your password is taken in plain text (or, in cryptographic jargon, clear text). Only the first eight characters are used; the low 7 bits of each of them form the 56-bit DES key.
2. Two characters drawn from the set ./0-9A-Za-z are chosen as the salt (12 bits in all). The salt is not secret; it is stored in plain text as the first two characters of the result.
3. The key is used to encrypt a block of 64 zero bits. The salt alters the expansion step inside DES, so the same password under a different salt produces a different result.
4. The encryption is repeated 25 times, each round encrypting the output of the one before, again using your password as the key.

The final output, the cipher text (the unreadable material that results when plain text is encrypted), is encoded as 11 characters from the same set and appended to the 2-character salt, giving the 13-character field you see in /etc/passwd. This is a fairly strong construction; it is extremely difficult to break directly.
In brief, crypt uses DES to build a one-way operation, sometimes referred to as a hash. This operation is special from a mathematical point of view for one reason: while it is relatively simple to compute, running it backward is computationally infeasible. Note, too, that because the salt has 12 bits, the same password can be stored in 4,096 (2^12) different ways; a cracker who wants to test one guess against many accounts must therefore compute it once for each distinct salt. The average user, with no knowledge of the system, could spend his or her entire life attempting to break DES and never succeed. To put that in perspective, examine an estimate from the National Institute of Standards and Technology:
The cryptographic algorithm [DES] transforms a 64-bit binary value into a unique 64-bit binary value based on a 56-bit variable. If the complete 64-bit input is used (i.e., none of the input bits should be predetermined from block to block) and if the 56-bit variable is randomly chosen, no technique other than trying all possible keys using known input and output for the DES will guarantee finding the chosen key. As there are over 70,000,000,000,000,000 (seventy quadrillion) possible keys of 56 bits, the feasibility of deriving a particular key in this way is extremely unlikely in typical threat environments.4
4NIST, December 30, 1993. "Data Encryption Standard (DES)," Federal Information Processing Standards Publication 46-2. http://csrc.nist.gov/fips/fips46-2.txt.
One would think that DES is entirely infallible. It isn't. Although the stored value cannot be reversed, passwords protected by DES can be revealed through a comparative process. The process works as follows:

1. You obtain a dictionary file, which is really no more than a flat (plain text) list of words; these are commonly referred to as wordlists.
2. These words are fed through a program that runs each one through the same DES-based crypt routine, using the salt taken from the target entry.
3. Each result is compared with the target password field. If the two match, the word is the password (or at least its first eight characters, which is all the login program ever checks).
This in itself is amazing; nevertheless, password-cracking programs are even more capable than they initially appear. Such programs typically subject each word to a list of rules. A rule is any transformation describing a way a word might appear as a password. Typical rules include:

Alternate upper- and lowercase lettering.

Spell the word forward and then backward, and fuse the two results (for example: cannac).

Add the number 1 to the beginning and/or end of each word.
Naturally, the more rules you apply, the longer the cracking process takes. However, more rules also raise the likelihood of success, for a number of reasons:

UNIX password checking is case sensitive (WORKSTATION, Workstation, and workstation are three different passwords). That alone makes a UNIX password markedly harder to crack than one stored by a scheme that ignores case, and it means a rule set must try the case variants of each word.

Alternating letters and numbers in passwords is a common practice among those aware of security issues. When cracking passwords from such a source, many rules should be applied.
The emergence of such programs has greatly altered the security of the Internet. The reasons are easily understood. One is simply that such tools are effective:
Crypt uses the resistance of DES to known plain text attack and makes it computationally unfeasible to determine the original password that produced a given encrypted password by exhaustive search. The only publicly known technique that may reveal certain passwords is password guessing: passing large wordlists through the crypt function to see if any match the encrypted password entries in an /etc/passwd file. Our experience is that this type of attack is successful unless explicit steps are taken to thwart it. Generally we find 30 percent of the passwords on previously unsecured systems.5
5David Feldmeier and Philip R. Karn. UNIX Password Security--Ten Years Later. (Bellcore).
Another reason is that on many systems the password file remained readable by every user. In other words, for many years the cracker's task was nearly over once he or she could read /etc/passwd. With the encrypted passwords in hand, a suitably powerful machine, a cracking program, and good wordlists, the cracker was ready to go.

Wordlists are generally constructed with one word per line in plain text, using UNIX line endings (a line feed with no carriage return). They average about 1MB each, although one could feasibly build a wordlist of 20MB or more. As you may have guessed, many wordlists are available on the Internet, in a wide variety of languages (thus an American cracker can crack an Italian machine and vice versa).
Cross Reference: There are a few popular depositories for wordlists. These collections contain every imaginable type of wordlist. Some are simply dictionaries; others contain hyphenated words, upper and lower case, and so on. One exceptionally good source is at http://sdg.ncsa.uiuc.edu/~mag/Misc/Wordlists.html. However, perhaps the most definitive collection is available at the COAST project at Purdue. Its page is located at http://www.cs.purdue.edu/coast/.
The Password-Cracking Process
Before I get even more specific, I want to illustrate the password-cracking process graphically (see Figure 10.4). The representation in Figure 10.4 will serve you well, and I want to explain a bit about each portion of the process. First, I should briefly cover the hardware issues.
Hardware Issues
As noted in Figure 10.4, a 66MHz machine or higher is typical. Indeed, it is a basic requirement. Without arguing for this or that processor (or this or that platform), I should at least state this: in actual practice, cracking a large password file is a CPU- and memory-intensive task, and it can take days. Whether you are a hobbyist, cracker, or system administrator, take note of this point. Before cracking a large password file, inventory your equipment and resources.

I have found that a successful (and comfortable) crack of a large password file calls for a 66MHz processor and 32MB of RAM (or better). It can be done with less, even a 25MHz processor and 8MB of RAM, but a machine so configured cannot be used for anything else in the meantime. (At least, this is true of an IBM AT compatible. I have seen it done on a Sun SPARCstation 1 with the user still able to run other processes, even in OpenWindows.)
FIGURE 10.4.
The process of cracking, graphically illustrated.
There are techniques for reducing the load. One is the parlor trick of distributed cracking, in which the cracking program runs in parallel on separate processors. There are a few ways to do this. One is to split the password file into pieces and crack each piece on a separate machine (splitting by salt is the natural division, since candidates hashed under one salt are useless against entries with another). The job is thereby spread across a series of workstations, cutting both the drain on any one machine and the time it takes to finish the file.

The problem with distributed cracking is that it makes a lot of noise. Remember the Randal Schwartz case? Mr. Schwartz probably would never have been discovered had he not been distributing the CPU load: another system administrator noticed the heavy processor usage (and that one process had been running for more than a day). Thus, distributed cracking isn't really viable for crackers unless they administer the site or have a network at home (which is not so unusual these days; I have a network at home consisting of Windows 95, Windows NT, Linux, Sun, and Novell boxes).
The Mechanics of Password Cracking
As Figure 10.4 shows, the wordlist is sent through the one-way function, generally one word at a time. Each rule is applied to the word and, after each such application, the result is hashed and compared to the target password field (which is itself the hashed form). If no match occurs, the next word is sent through the process.

Some password crackers order the work differently. They take the entire list of words, apply one rule to all of them, and from this derive the next list. That list is then hashed and matched against the target. The difference is not academic: working a whole list at a time lets the program sort it and discard duplicates before any hashing begins (the Crack log excerpt later in this chapter shows exactly that), and hash each candidate once per distinct salt rather than once per user. The second technique is probably much faster.

In the final stage, if a match occurs, the password is deemed cracked. The plain-text word is then written to a file for later examination.
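The comparative attack described above (wordlist, rules, hash-and-compare, grouped by salt) in Python, as an added example that is neither Crack nor crypt(3). The standard library's crypt module is deprecated and removed in recent Python versions, so toy_crypt() below is a stand-in written for this example: it keeps the properties the attack depends on (a two-character salt stored in front, an 11-character body over the ./0-9A-Za-z alphabet, only the first eight password characters counting, the same input always giving the same output) but uses SHA-256 inside rather than 25 rounds of salted DES, so it will not match real /etc/passwd hashes. The accounts, passwords and wordlist are all constructed; the rule set is the three rule types named in the text plus plain case variants.

```python
# Added example (not Crack, not crypt(3)): the comparative attack described in
# this chapter, run against a constructed passwd-style file. crypt(3) is
# DES-based and lives in the C library; to keep this self-contained, toy_crypt()
# below stands in for it. It keeps the shape that matters to the attack
# (2-character salt in front, 11 characters of ./0-9A-Za-z after it, only the
# first 8 password characters count, deterministic output) but uses SHA-256
# inside instead of 25 rounds of salted DES. Every account, password and hash
# here is constructed for the example.
import hashlib

CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def toy_crypt(password: str, salt: str) -> str:
    """Stand-in for crypt(3); NOT compatible with real /etc/passwd hashes."""
    assert len(salt) == 2 and all(c in CRYPT_ALPHABET for c in salt)
    key = password[:8].encode()              # traditional crypt ignores char 9+
    digest = hashlib.sha256(salt.encode() + b"\0" + key).digest()
    return salt + "".join(CRYPT_ALPHABET[b % 64] for b in digest[:11])


def parse_passwd(text: str):
    """Yield (login, hash) for entries that carry a 13-character hash.
    Lines such as 'daemon:*:...' or shadowed 'x' entries have nothing to crack."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and len(fields[1]) == 13:
            yield fields[0], fields[1]


def rules(word: str):
    """The rule types named in the text: case variants, word + reversed word
    ('can' -> 'cannac'), and a '1' at the start and/or end."""
    yield word
    yield word.lower()
    yield word.upper()
    yield word.capitalize()
    yield "".join(c.upper() if i % 2 == 0 else c.lower() for i, c in enumerate(word))
    yield word + word[::-1]
    yield "1" + word
    yield word + "1"
    yield "1" + word + "1"


def crack(passwd_text: str, wordlist) -> dict:
    """Return {login: password} for every entry a wordlist+rules guess matches.
    Entries are grouped by salt so each candidate is hashed once per distinct
    salt rather than once per user; with 4,096 possible salts that grouping is
    where much of the speed of a real cracker comes from."""
    by_salt = {}
    for login, h in parse_passwd(passwd_text):
        by_salt.setdefault(h[:2], {}).setdefault(h, []).append(login)
    found = {}
    for word in wordlist:
        for candidate in rules(word):
            for salt, table in by_salt.items():
                hit = table.get(toy_crypt(candidate, salt))
                for login in hit or ():
                    found.setdefault(login, candidate)
    return found


# Constructed sample: two crackable entries, one strong password, one locked account.
SAMPLE_PASSWD = "\n".join([
    "root:" + toy_crypt("laura", "EY") + ":0:0:root:/root:/bin/bash",
    "laura:" + toy_crypt("cannac", "Ab") + ":1001:100:Laura:/home/laura:/bin/sh",
    "bob:" + toy_crypt("xK9#qL2!", "Ab") + ":1002:100:Bob:/home/bob:/bin/sh",
    "daemon:*:2:2:daemon:/sbin:/bin/false",
])
WORDLIST = ["apple", "can", "laura", "secret"]     # a tiny constructed wordlist


if __name__ == "__main__":
    for login, pw in crack(SAMPLE_PASSWD, WORDLIST).items():
        print(f"Guessed password for {login}: {pw}")
```

Run as a script, it reports root (laura, straight from the wordlist) and laura (cannac, produced by the forward-plus-backward rule from "can"); bob's password is not derivable from any rule here and stays uncracked, which is the outcome a strong password should produce. Note the grouping by salt in crack(): laura and bob share the salt Ab, so each candidate is hashed once for both of them, which is the same economy the per-rule-pass design exploits at scale.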
It is of some significance that the majority of password-cracking utilities are not user friendly. In fact, when executed, some of them print nothing more than a cryptic prompt such as

File?

Most also come with little documentation. There are a few reasons for this:

There is very little left to say. The program cracks passwords and does nothing more.

The majority are authored by crackers from the underground. The programs were developed on the fly, and these individuals have little time to write help files and tutorials. It is assumed that when you unpack such a tool, you know what you are doing. (The exceptions to this rule are, of course, the cracking utilities written by bona fide security professionals. These usually include release notes explaining pitfalls, bugs, and possible solutions. Some even come with a few sample wordlists, generally consisting of several hundred words and proper names.)
The Password Crackers
The remainder of this chapter is devoted to individual password crackers. Some are made for cracking UNIX passwd files, and some are not. Some of the tools here are not even password crackers; instead, they are auxiliary utilities that can be used in conjunction with (or for the improvement of) existing password crackers.
Crack by Alec Muffett
Crack is probably the most celebrated tool for cracking encrypted UNIX passwords. It is now the industry standard for checking networks for characteristically weak passwords. It was written by Alec D. E. Muffett, a UNIX software engineer in Wales. In the docs provided with the distribution, Mr. Muffett concisely articulates the program's purpose:
Crack is a freely available program designed to find standard UNIX eight-character DES encrypted passwords by standard guessing techniques...It is written to be flexible, configurable and fast, and to be able to make use of several networked hosts via the Berkeley rsh program (or similar), where possible.
Crack is for use on UNIX platforms only. It comes as a tarred, gzipped file and is available at so many sites that I will refrain from listing them here (use the search string crack-4.1.tar.gz or crack-4.1.tar.Z). After downloading it, unzip and untar it into a suitable directory (I prefer the /root/ directory tree). When you finish, your directory (Crack-4.1) will look similar to the one shown in Figure 10.5.
FIGURE 10.5.
The Crack directory structure.
To get up and running, you need only set Crack's home directory (the directory beneath which all the Crack resources can be found). This value is assigned to the variable Crack_Home in the configuration; it is simply an environment variable that tells the Crack program where the remaining resources reside. To set it, edit the file Crack, a /bin/sh script that starts the Crack engine. After editing this file, you can begin. The file consists of plain-text commands, code, and variables and can be edited in any text editor or word processor; however, it must be saved as plain text.
NOTE: You may or may not need to quickly acquire a wordlist. As it happens, many distributions of Crack are accompanied by sample wordlist (or dictionary) files. Your mileage may vary in this respect. I would suggest getting your copy of Crack from established (as opposed to underground) sites. This will make it more likely that you will get a sample wordlist (although to do any serious password cracking, you will need to acquire bigger and more suitable wordlists).
You initiate a Crack session by calling the program and providing the name of a password file, along with any command-line arguments (including specifications for using multiple workstations). If you refer to the Xterm snapshot in Figure 10.5, you will see a file there named my_password_file. This is a sample passwd file that I cracked to generate an example. To crack that file, I issued the following command:
Crack my_password_file
Crack started the process and wrote its progress to files with an out prefix. In this case, the file was called outSamsHack300. Following is an excerpt from that file; examine it closely.
pwc: Jan 30 19:26:49 Crack v4.1f: The Password Cracker, (c) Alec D.E. Muffett, 1992
pwc: Jan 30 19:26:49 Loading Data, host=SamsHack pid=300
pwc: Jan 30 19:26:49 Loaded 2 password entries with 2 different salts: 100%
pwc: Jan 30 19:26:49 Loaded 240 rules from `Scripts/dicts.rules'.
pwc: Jan 30 19:26:49 Loaded 74 rules from `Scripts/gecos.rules'.
pwc: Jan 30 19:26:49 Starting pass 1 - password information
pwc: Jan 30 19:26:49 FeedBack: 0 users done, 2 users left to crack.
pwc: Jan 30 19:26:49 Starting pass 2 - dictionary words
pwc: Jan 30 19:26:49 Applying rule `!?Al' to file `Dicts/bigdict'
pwc: Jan 30 19:26:50 Rejected 12492 words on loading, 89160 words left to sort
pwc: Jan 30 19:26:51 Sort discarded 947 words; FINAL DICTIONARY SIZE: 88213
pwc: Jan 30 19:27:41 Guessed ROOT PASSWORD root (/bin/bash in my_password_file) [laura] EYFu7c842Bcus
pwc: Jan 30 19:27:41 Closing feedback file.
As you can see, Crack guessed the correct password for root. The process took just under a minute: line 1 shows the time at which it started (Jan 30 19:26:49), and line 12 shows that the password--laura--was cracked at 19:27:41. Notice also that pass 1 tried guesses built from the password file's own information (the GECOS field, the login name), and that in pass 2 the rule `!?Al' was applied to the whole dictionary, which was then sorted with 947 duplicates discarded, before any hashing began. The two characters EY at the start of the stored field are the salt. This was done on a 133MHz processor with 32MB of RAM.
Because the password file I used was so small, neither time nor resources was an issue. In practice, however, if you are cracking a file with hundreds of entries, Crack will eat resources voraciously. This is especially so if you are using multiple wordlists in compressed form (Crack identifies compressed files and uncompresses them itself).
As mentioned earlier, Crack can distribute the work to different workstations
on a UNIX network.
Even more extraordinary than this, the machines can be of different
architectures. Thus, you might
have an IBM-compatible running Linux, a RS/6000 running AIX, and a
Macintosh running A/UX.
Crack is extremely lightweight and is probably the most reliable password
cracker available.
TIP: To perform a networked cracking session,
you must build a network.conf file.
This is used by the program to identify which
hosts to network, their architecture, and
other key variables. One can also specify
command-line options that are invoked as
Crack is unleashed on each machine. In other
words, each machine may be running
Crack and using different command-line options.
This can be conveniently managed
from one machine.
Cross Reference: Macintosh users can also enjoy
the speed and efficiency of Crack
by using the most recent port of it, called
MacKrack v2.01b1. It is available at
http://www.borg.com/~docrain/mac-hack.html.
CrackerJack by Jackal
CrackerJack is a renowned UNIX password cracker designed expressly for
the DOS platform.
Contrary to popular notions, CrackerJack is not a straight port of
Crack (not even close).
Nevertheless, CrackerJack is an extremely fast and easy-to-use cracking
utility. For several years,
CrackerJack has been the choice for DOS users; although many other
cracker utilities have cropped
up, CrackerJack remains quite popular (it's a cult thing). Later versions
were reportedly compiled
using GNU C and C++. CrackerJack's author reports that through this
recompiling process, the
program gained noticeable speed.
TIP: CrackerJack also now works on the OS/2
platform.
There are some noticeable drawbacks to CrackerJack, including
Users can only specify one dictionary file at a time.
Memory-allocation conventions prevent CrackerJack from running in Windows 95.
Despite these snags, CrackerJack is reliable and, for moderate tasks,
requires only limited
resources. It takes sparse processor power, doesn't require a windowed
environment, and can run
from a floppy.
Cross Reference: CrackerJack is widely available,
although not as widely as one
would expect. Here are a few reliable sites:
http://www.fc.net/phrack/under/misc.html
http://www.ilf.net/~toast/files/
http://www.paranoia.com/~steppin/misc.html
http://www.interware.net/~jcooper/cracks.htm
http://globalkos.org/files.html
PaceCrack95 (pacemkr@bluemoon.net)
PaceCrack95 is designed to work on the Windows 95 platform in console
mode, in a shell window.
Its author reports that PaceCrack95 was prompted by deficiencies in
other DOS-based crackers.
He writes:
Well you might be wondering why I have written
a program like this when there already is
[sic] many out there that do the same thing.
There are many reasons, I wanted to challenge
myself and this was a useful way to do it.
Also there was this guy (Borris) that kept bugging
me to make this for him because Cracker Jack
(By Jackal) doesn't run in Win95/NT because
of the weird way it uses the memory. What
was needed was a program that runs in Win95
and the speed of the cracking was up there
with Cracker Jack.
To the author's credit, he created a program that does just that. It
is fast, compact, and efficient.
Unfortunately, however, PaceCrack95 is a new development not yet widely
available (I believe it
was distributed in July 1996).
Cross Reference: There is a shortage of reliable
sites from which to retrieve
PaceCrack95, but it can be found at
http://tms.netrom.com/~cassidy/crack.htm.
Qcrack by the Crypt Keeper
Qcrack was originally designed for use on the Linux platform. It has
recently been ported to the
MS-DOS/Windows platform (reportedly sometime in July 1996). Qcrack
is therefore among the
newest wave of password crackers that have cropped up in the last year
or so. This has widened the range of choices available. This utility is extremely fast,
but there are some major drawbacks.
One relates to storage. As the author, the Crypt Keeper, explains:
QInit [one of several binaries in the distribution]
generates a hash table where each entry
corresponds to a salt value and contains the
first two bytes of the hash. Each password
becomes about 4KB worth of data, so this file
gets large quickly. A file with 5000 words can
be expected to be 20MB of disk. This makes
it important to have both a lot of disk space,
and a very select dictionary. Included, a
file called cpw is a list containing what I consider to
be "good" words for the typical account. I
have had zero hits with this file on some password
files, and I have also had almost a 30 percent
hit rate on others.
NOTE: Qcrack is a bit slower than
some other utilities of this nature, but is
probably worth it. Parallelizing is possible,
but not in the true sense. Basically, one can
use different machines and use different dictionaries
(as Qcrack's author suggests).
However, this is not the same form of parallelizing
that can be implemented with
Muffett's Crack. (Not to split hairs, but
using Qcrack in this fashion will greatly speed
up the process of the crack.)
Just one more interesting tidbit: The author of Qcrack, in a stroke
of vision, suggested that someone
create a CD-ROM of nothing but wordlist dictionaries (granted, this
would probably be of less use
to those with slow CD-ROMs; repeated access across drives could slow
the system a bit).
Cross Reference: Qcrack can be found in the following places:
http://lix.polytechnique.fr/~delaunay/bookmarks/linux/qcrack.html
http://klon.ipr.nl/underground/underground.html
http://tms.netrom.com/~cassidy/crack.htm
John the Ripper by Solar Designer
John the Ripper is a relatively new UNIX password cracker that runs
on the DOS/Windows 95
platform. The binary distribution suggests that the coding was finished
in December 1996. Early
distributions of this program were buggy. Those of you working with
less than 4MB of RAM might
want to avoid this utility. Its author suggests that the program can
run with less than 4MB, but a lot of
disk access will be going on.
Cross Reference: John the Ripper runs on Linux
as well. The Linux version is
currently in beta and is being distributed
as an ELF binary. It can be found by searching
for the string john-linux.tar.zip.
Undoubtedly, these early efforts were flawed because the author attempted
to include so many
functions. Although John the Ripper may not yet be perfect, it is sizing
up as quite a program. It runs
in DOS (or in Windows 95 via a shell window) and has extensive options.
Rather than list those
here, I have provided a screenshot of the opening screen that appears
if you start John without any
arguments (see Figure 10.6).
FIGURE 10.6.
The John the Ripper opening screen.
In this respect, John incorporates many of the amenities and necessities
of other, more established
programs. I fully expect that within six months of this writing, John
the Ripper will be among the most
popular cracking utilities.
Cross Reference: The DOS version of John the
Ripper, which is relatively large in
terms of password crackers, can be found at
http://tms.netrom.com/~cassidy/crack.htm.
Pcrack (PerlCrack; Current Version Is 0.3) by Offspring and Naïve
Pcrack is a Perl script for use on the UNIX platform (this does not
mean that Pcrack couldn't be
implemented on the NT platform; it simply means that some heavy-duty
porting would be in order).
This utility has its advantages because it is quite compact and, when
loaded onto the interpreter, fast.
Nonetheless, one must obviously have not only some form of UNIX, but
also access to Perl. As I
have already pointed out, such utilities are best employed by someone
with root access to a UNIX
box. Many system administrators have undertaken the practice of restricting
Perl access these days.
Cross Reference: Pcrack is not widely available,
but
http://tms.netrom.com/~cassidy/crack.htm appears
to be a reliable source.
Hades by Remote and Zabkar (?)
Hades is yet another cracking utility that reveals UNIX /etc/passwd
passwords. Or is it? Hades is
very fast, faster than Muffett's Crack and far faster than CrackerJack
(at least in tests I have
performed).
The distribution comes with some source code and manual pages, as well
as an advisory, which I
quote here:
We created the Hades Password Cracker to show
that world-readable encrypted passwords
in /etc/passwd are a major vulnerability of
the UNIX operating system and its derivatives.
This program can be used by system operators
to discover weak passwords and disable
them, in order to make the system more secure.
With the exception of Muffett's Crack, Hades is the most well-documented
password cracker
available. The authors have taken exceptional care to provide you with
every possible amenity. The
Hades distribution consists of a series of small utilities that, when
employed together, formulate a
powerful cracking suite. For each such utility, a man (manual) page
exists. The individual utilities
included with the distribution perform the following functions:
The Merge utility merges two dictionaries (wordlists)
into a third, the name of which is
specified by you.
The Optimize utility cleans dictionary (wordlists)
files by formatting them; all duplicate entries
can be conveniently deleted and long words
are truncated.
The Hits utility archives all passwords cracked
in a previous session, outputting the data to a
user-specified file. From this file, Hades
can derive another dictionary.
Cross Reference: Hades is so widely available
that I will refrain from giving a list of
sites here. Users who wish to try out this
well-crafted utility should search for one or
both of the following search terms:
hades.zip
hades.arj
Star Cracker by the Sorcerer
Star Cracker was designed to work under the DOS4GW environment. Okay...this
particular utility
is a bit of a curiosity. The author was extremely thorough, and although
the features he or she added
are of great value and interest, one wonders when the author takes
out time to have fun. In any
event, here are some of the more curious features:
Fail-safe power outage provision--If there
is a blackout in your city and your computer goes
down, your work is not lost. (Is that a kicker
or what?) Upon reboot, Star Cracker recovers
all the work previously done (up until the
point of the power outage) and keeps right on going.
Time-release operation--You can establish time
windows when the program is to do its work.
That means you could specify, "Crack this
file for 11 hours. When the 11 hours are up, wait 3
hours more. After the 3 hours more, start
again."
To UNIX users, this second amenity doesn't mean much. UNIX users have
always had the ability to
time jobs. However, on the DOS platform, this capability has been varied
and scarce (although there
are utilities, such as tm, that can schedule jobs).
Moreover, this cracking utility has a menu of options: functions that
make the cracking process a lot
easier. You've really got to see this one to believe it. A nicely done
job.
Cross Reference: Star Cracker is available
at
http://citus.speednet.com.au/~ramms/.
Killer Cracker by Doctor Dissector
Killer Cracker is another fairly famous cracking engine. It is distributed
almost always as source
code. The package compiles without event on a number of different operating
systems, although I
would argue that it works best under UNIX.
NOTE: Unless you obtain a binary release, you
will need a C compiler.
Killer Cracker has so many command-line options, it is difficult to
know which ones to mention here.
Nonetheless, here are a few highlights of this highly portable and
efficient cracking tool:
Manipulation of some rules at the command prompt, including case sensitivity.
Command-line specification for method of operation,
including in what order the words are
tested (for example, test each word completely
before moving on to the next).
Under BSD, Killer Cracker can be instructed to
monopolize the processor altogether, forcing
the maximum amount of CPU power available
for the crack.
The program can check for nonprintable and
control characters as possible keystrokes within
the current target password file.
In all, this program is quite complete. Perhaps that is why it remains
so popular. It has been ported
to the Macintosh operating system, it works on a DOS system, and it
was designed under UNIX. It
is portable and easily compiled.
Cross Reference: Killer Cracker can be obtained at these locations:
http://hack.box.sk/stuff/linux1/kc9.zip (DOS 16 bit)
http://hack.box.sk/stuff/linux1/kc9_32.zip (DOS 32 bit)
http://www.ilf.net/Toast/files/unix/kc9_11.tgz (UNIX)
http://www.netaxs.com/~hager/mac/hack/KillerCrackerv8.sit.bin (Mac)
Hellfire Cracker by the Racketeer and the Presence
Another grass-roots work, Hellfire Cracker is a utility for cracking
UNIX password files using the
DOS platform. It was developed using the GNU compiler. This utility
is quite fast, although not by
virtue of the encryption engine. Its major drawback is that user-friendly
functions are practically
nonexistent. Nevertheless, it makes up for this in speed and efficiency.
One amenity of Hellfire is that it is now distributed almost exclusively
in binary form, which obviates
the need for a C compiler.
Cross Reference: This utility can be found
on many sites, but I have encountered
problems finding reliable ones. This one,
however is reliable:
http://www.ilf.net/~toast/files/.
XIT by Roche'Crypt
XIT is yet another UNIX /etc/passwd file cracker, but it is a good one.
Distinguishing
characteristics include
The capability to recover from power failure or sudden reboot
Full C source code available for analysis
The capability to provide up-to-the-second status reports
Full support for (get this!) 286 machines
The capability to exploit the existence of a disk cache for speed and increased performance
The XIT utility has been around for several years. However, it
is not as widely available as one
would expect. It also comes in different compressed formats, although
the greater number are
zipped.
Cross Reference: One reliable place to find
XIT is
http://www.ilf.net/~toast/files/xit20.zip.
Claymore by the Grenadier
The Claymore utility is slightly different from its counterparts. It
runs on any Windows platform,
including 95 and NT.
NOTE: Claymore does not work in DOS or even
a DOS shell window.
Figure 10.7 shows Claymore's opening window.
FIGURE 10.7.
The Claymore opening screen.
There is not a lot to this utility, but some amenities are worth mentioning.
First, Claymore can be
used as a brute force cracker for many systems. It can be used to crack
UNIX /etc/passwd files,
but it can also be used to crack other types of programs (including
those requiring a login/password
pair to get in).
One rather comical aspect of this brute force cracker is its overzealousness. According to the author:
Keep an eye on the computer. Claymore will
keep entering passwords even after it has
broken through. Also remember that many times
a wrong password will make the computer
beep so you may want to silence the speaker.
Sometimes Claymore will throw out key
strokes faster than the other program can
accept them. In these cases tell Claymore to repeat
a certain key stroke, that has no other function
in the target program, over and over again so
that Claymore is slowed down and the attacked
program has time to catch up.
This is what I would classify as a true, brute-force cracking utility!
One interesting aspect is this: You
can specify that the program send control and other nonprintable characters
during the crack. The
structure of the syntax to do so suggests that Claymore was written
in Microsoft Visual Basic.
Moreover, one almost immediately draws the conclusion that the VB function
SendKeys plays a big
part of this application. In any event, it works extremely well.
Cross Reference: Claymore is available at many
locations on the Internet, but
http://www.ilf.net/~toast/files/claym10.zip
is almost guaranteed to be
available.
Guess by Christian Beaumont
Guess is a compact, simple application designed to attack UNIX /etc/passwd
files. It is presented
with style but not much pomp. The interface is designed for DOS, but
will successfully run through a
DOS windowed shell. Of main interest is the source, which is included
with the binary distribution.
Guess was created sometime in 1991, it seems. For some reason, it has
not yet gained the notoriety
of its counterparts; this is strange, for it works well.
Cross Reference: Guess is available widely,
so I will refrain from listing locations
here. It is easy enough to find; use the search
string guess.zip.
PC UNIX Password Cracker by Doctor Dissector
I have included the PC UNIX Password Cracker utility (which runs on
the DOS platform) primarily
for historical reasons. First, it was released sometime in 1990. As
such, it includes support not only
for 386 and 286 machines, but for 8086 machines. (That's right. Got
an old XT lying around the
house? Put it to good use and crack some passwords!) I won't dwell
on this utility, but I will say this:
The program is extremely well designed and has innumerable command-line
options. Naturally, you
will probably want something a bit more up to date (perhaps other work
of the good Doctor's) but if
you really do have an old XT, this is for you.
Cross Reference: PC UNIX Cracker can be found
at
http://www.ilf.net/~toast/files/pwcrackers/pcupc201.zip.
Merlin by Computer Incident Advisory Capability (CIAC) DOE
Merlin is not a password cracker. Rather, it is a tool for managing
password crackers as well as
scanners, audit tools, and other security-related utilities. In short,
it is a fairly sophisticated tool for
holistic management of the security process. Figure 10.8 shows Merlin's
opening screen.
Merlin is for UNIX platforms only. It has reportedly been tested (with
positive results) on a number
of flavors, including but not limited to IRIX, Linux, SunOS, Solaris,
and HP-UX.
One of the main attractions of Merlin is this: Although it has been
specifically designed to support
only five common security tools, it is highly extensible (it is written
in Perl almost exclusively). Thus,
one could conceivably incorporate any number of tools into the scheme
of the program.
Merlin is a wonderful tool for integrating a handful of command-line
tools into a single, easily
managed package. It addresses the fact that the majority of UNIX-based
security programs are
based in the command-line interface (CLI). The five applications supported
are
COPS
Tiger
Crack
TripWire
SPI (government contractors and agencies only)
FIGURE 10.8.
Merlin's opening screen.
Note that Merlin does not supply any of these utilities in the distribution.
Rather, you must acquire
these programs and then configure Merlin to work with them (similar
to the way one configures
external viewers and helpers in Netscape's Navigator). The concept
may seem lame, but the tool
provides an easy, centralized point from which to perform some fairly
common (and grueling)
security tasks. In other words, Merlin is more than a bogus front-end.
In my opinion, it is a good
contribution to the security trade.
TIP: Those who are new to the UNIX platform
may have to do a little hacking to get
Merlin working. For example, Merlin relies
on you to have correctly configured your
browser to properly handle *.pl files (it
goes without saying that Perl is one requisite).
Also, Merlin apparently runs an internal HTTP
server and looks for connections from
the local host. This means you must have your
system properly configured for
loopback.
Merlin (and programs like it) are an important and increasing trend
(a trend kicked off by Farmer
and Venema). Because such programs are designed primarily in an HTML/Perl
base, they are highly
portable to various platforms in the UNIX community. They also tend
to take slim network
resources and, after the code has been loaded into the interpreter,
they move pretty fast. Finally,
these tools are easier to use, making security less of an insurmountable
task. The data is right there
and easily manipulated. This can only help strengthen security and
provide newbies with an
education.
Other Types of Password Crackers
Now you'll venture into more exotic areas. Here you will find a wide
variety of password crackers
for almost any type of system or application.
ZipCrack by Michael A. Quinlan
ZipCrack does just what you would think it would: It is designed to
brute-force passwords that have
been applied to files with a *.zip extension (in other words, it cracks
the password on files
generated with PKZIP).
No docs are included in the distribution (at least, not the few files
that I have examined), but I am not
sure there is any need. The program is straightforward. You simply
provide the target file, and the
program does the rest.
The program was written in Turbo Pascal, and the source code is included
with the distribution.
ZipCrack will work on any IBM-compatible that is a 286 or higher. The
file description reports that
ZipCrack will crack all those passwords generated by PKZIP 2.0. The
author also warns that
although short passwords can be obtained within a reasonable length
of time, long passwords can
take "centuries." Nevertheless, I sincerely doubt that many individuals
provide passwords longer than
five characters. ZipCrack is a useful utility for the average toolbox;
it's one of those utilities that you
think you will never need and later, at 3:00 in the morning, you swear
bitterly because you don't have
it.
Cross Reference: ZipCrack is widely available;
use the search string
zipcrk10.zip.
Fast Zip 2.0 (Author Unknown)
Fast Zip 2.0 is, essentially, identical to ZipCrack. It cracks zipped
passwords.
Cross Reference: To find Fast Zip 2.0, use
the search string fzc101.zip.
Decrypt by Gabriel Fineman
An obscure but nonetheless interesting utility, Decrypt breaks WordPerfect
passwords. It is written
in BASIC and works well. The program is not perfect, but it is successful
a good deal of the time.
The author reports that Decrypt checks for passwords with keys from
1 through 23. The program
was released in 1993 and is widely available.
Cross Reference: To find Decrypt, use the search
string decrypt.zip.
Glide (Author Unknown)
There is not a lot of documentation with the Glide utility. This program
is used exclusively to crack
PWL files, which are password files generated in Microsoft Windows
for Workgroups and later
versions of Windows. The lack of documentation, I think, is forgivable.
The C source is included
with the distribution. For anyone who hacks or cracks Microsoft Windows
boxes, this utility is a
must.
Cross Reference: Glide is available at these locations:
http://www.iaehv.nl/users/rvdpeet/unrelate/glide.zip
http://hack.box.sk/stuff/glide.zip
http://www.ilf.net/~toast/files/pwcrackers/glide.zip
AMI Decode (Author Unknown)
The AMI Decode utility is designed expressly to grab the CMOS password
from any machine using
an American Megatrends BIOS. Before you go searching for this utility,
you might try the
factory-default CMOS password. It is, oddly enough, AMI. In any event,
the program works, and
that is what counts.
Cross Reference: To find AMI Decode, use the
search string amidecod.zip.
NetCrack by James O'Kane
NetCrack is an interesting utility for use on the Novell NetWare platform.
It applies a brute-force
attack against the bindery. It's slow, but still quite reliable.
Cross Reference: To find NetCrack, use the
search string netcrack.zip.
PGPCrack by Mark Miller
Before readers who use PGP get worked up, a bit of background is in
order. Pretty Good Privacy
(PGP) is probably the strongest and most reliable encryption utility
available to the public sector. Its
author, Phil Zimmermann, sums it up as follows:
PGP™ uses public-key encryption to protect
e-mail and data files. Communicate securely
with people you've never met, with no secure
channels needed for prior exchange of keys.
PGP is well featured and fast, with sophisticated
key management, digital signatures, data
compression, and good ergonomic design.
PGP can apply a series of encryption techniques. One of these, which
is discussed in Chapter 13,
"Techniques to Hide One's Identity," is IDEA. To give you an idea of
how difficult IDEA is to crack,
here is an excerpt from the PGP Attack FAQ, authored by Route (an authority
on encryption and a
member of "The Guild," a hacker group):
If you had 1,000,000,000 machines that could
try 1,000,000,000 keys/sec, it would still take
all these machines longer than the universe
as we know it has existed and then some, to find
the key. IDEA, as far as present technology
is concerned, is not vulnerable to brute-force
attack, pure and simple.
In essence, a message encrypted using a 1024-bit key generated with
a healthy and long passphrase
is, for all purposes, unbreakable. So, why did Mr. Miller author this
interesting tool? Because
passphrases can be poorly chosen and, if a PGP-encrypted message is
to be cracked, the
passphrase is a good place to start. Miller reports:
On a 486/66DX, I found that it takes about
7 seconds to read in a 1.2 megabyte passphrase
file and try to decrypt the file using every
passphrase. Considering the fact that the NSA,
other government agencies, and large corporations
have an incredible amount of computing
power, the benefit of using a large, random
passphrase is quite obvious.
Is this utility of any use? It is quite promising. Miller includes the
source with the distribution as well
as a file of possible passphrases (I have found at least one of those
passphrases to be one I have
used). The program is written in C and runs in the DOS, UNIX, and OS/2
environments.
Cross Reference: PGPCrack is available at several reliable locations, including
http://www.voicenet.com/~markm/pgpcrack.html (DOS version)
http://www.voicenet.com/~markm/pgpcrack-os2.zip (OS/2 version)
http://www.voicenet.com/~markm/pgpcrack.v99b.tar.gz (UNIX version)
The ICS Toolkit by Richard Spillman
The ICS Toolkit utility is an all-purpose utility for studying cryptanalysis.
It runs well in Microsoft
Windows 3.11 but is more difficult to use in Windows 95 or Windows
NT. It uses an older version
of VBRUN300.DLL and therefore, users with later versions would be wise
to move the newer copy to
a temporary directory. (The ICS application will not install unless
it can place its version of
VBRUN300.DLL into the c:\windows\system directory.) This utility will
help you learn how ciphers
are created and how to break them. It is really quite comprehensive,
although it takes some ingenuity
to set up. It was programmed for older versions of Microsoft Windows.
The interface is more
utilitarian than attractive.
EXCrack by John E. Kuslich
The EXCrack utility recovers passwords applied in the Microsoft Excel
environment. Mr. Kuslich is
very clear that this software is not free but licensable (and copyrighted);
therefore, I have neglected
to provide screenshots or quoted information. It's safe to say the
utility works well.
Cross Reference: To find EXCrack, use the search
string excrak.zip.
CP.EXE by Lyal Collins
CP.EXE recovers or cracks passwords for CompuServe that are generated
in CISNAV and
WINCIM. It reportedly works on DOSCIM passwords as well. It is a fast
and reliable way to test
whether your password is vulnerable to attack.
Cross Reference: This utility has been widely
distributed and can be found by issuing
the search string cis_pw.zip.
Password NT by Midwestern Commerce, Inc.
The Password NT utility recovers, or cracks, administrator password
files on the Microsoft
Windows NT 3.51 platform. In this respect, it is the NT equivalent
of any program that cracks the
root account in UNIX. Note that some hacking is required to use this
utility; if the original drive on
which the target password is located is NTFS (and therefore access-control
options are enabled),
you will need to move the password to a drive that is not access-control
protected. To do this, you
must move the password to a drive also running 3.51 workstation or
server. Therefore, this isn't
really an instant solution. Nevertheless, after everything is properly
set, it will take no time at all.
Cross Reference: A nicely done utility, Password
NT is always available at the
company's home page (http://www.omna.com/yes/AndyBaron/recovery.htm).
There are well over 100 other utilities of a similar character. I will
refrain from listing them here. I
think that the previous list is sufficient to get you started studying
password security. At least you can
use these utilities to test the relative strength of your passwords.
Resources
At this stage, I would like to address some concepts in password security,
as well as give you
sources for further education.
I hope that you will go to the Net and retrieve each of the papers I
am about to cite. If you are
serious about learning security, you will follow this pattern throughout
this book. By following these
references in the order they are presented, you will gain an instant
education in password security.
However, if your time is sparse, the following paragraphs will at least
provide you with some insight
into password security.
About UNIX Password Security
UNIX password security, when implemented correctly, is fairly reliable.
The problem is that people
pick weak passwords. Unfortunately, because UNIX is a multi-user system,
every user with a weak
password represents a risk to the remaining users. This is a problem
that must be addressed:
It is of utmost importance that all users on
a system choose a password that is not easy to
guess. The security of each individual user
is important to the security of the whole system.
Users often have no idea how a multi-user
system works and don't realize that they, by
choosing an easy-to-remember password, indirectly
make it possible for an outsider to
manipulate the entire system.[6]
[6] Walter Belgers, UNIX Password Security. December 6, 1993.
TIP: The above-mentioned paper, UNIX Password
Security, gives an excellent
overview of exactly how DES works into the
UNIX password scheme. This includes a
schematic that shows the actual process of
encryption using DES. For users new to
security, this is an excellent starting point.
Cross Reference: Locate UNIX Password Security
by entering the search string
password.ps.
What are weak passwords? Characteristically, they are anything that
might occur in a dictionary.
Moreover, proper names are poor choices for passwords. However, there
is no need to theorize on
what passwords are easily cracked. Safe to say, if the password appears
in a password cracking
wordlist available on the Internet, the password is no good. So, instead
of wondering, get yourself a
few lists.
Cross Reference: Start your search for wordlists
at
http://sdg.ncsa.uiuc.edu/~mag/Misc/Wordlists.html.
By regularly checking the strength of the passwords on your network,
you can ensure that crackers
cannot penetrate it (at least not through exploiting bad password choices).
Such a regimen can
greatly improve your system security. In fact, many ISPs and other
sites are now employing tools
that check a user's password when it is first created. This basically
implements the philosophy that
...the best solution to the problem of having easily guessed passwords on a system is to prevent them from getting on the system in the first place. If a program such as a password cracker reacts by guessing detectable passwords already in place, then although the security hole is found, the hole existed for as long as the program took to detect it...If however, the program which changes users' passwords...checks for the safety and guessability before that password is associated with the user's account, then the security hole is never put in place.7
7. Matthew Bishop, UC Davis, California, and Daniel Klein, LoneWolf Systems Inc. "Improving System Security via Proactive Password Checking." (Appeared in Computers and Security [14, pp. 233-249], 1995.)
TIP: This paper is probably one of the best case studies and treatments of easily guessable passwords. It treats the subject in depth, illustrating real-life examples of various passwords that one would think are secure but actually are not.

Cross Reference: Locate Improving System Security via Proactive Password Checking by entering the search string bk95.ps.
NOTE: As you go along, you will see that many of these files have a *.ps extension. This signifies a PostScript file. PostScript is a language and method of preparing documents. It was created by Adobe, the makers of Acrobat and Photoshop. To read a PostScript file, you need a viewer. One very good one is Ghostscript, which is shareware and can be found at http://www.cs.wisc.edu/~ghost/. Another good package (and a little more lightweight) is a utility called Rops. Rops is available for Windows and is located here:

http://www5.zdnet.com/ (the ZDNet software library)
http://oak.oakland.edu (the Oak software repository)
Other papers of importance include the following:

"Observing Reusable Password Choices"
Purdue Technical Report CSD-TR 92-049
Eugene H. Spafford
Department of Computer Sciences, Purdue University
Date: July 3, 1992
Search String: Observe.ps

"Password Security: A Case History"
Robert Morris and Ken Thompson
Bell Laboratories
Date: Unknown
Search String: pwstudy.ps

"Opus: Preventing Weak Password Choices"
Purdue Technical Report CSD-TR 92-028
Eugene H. Spafford
Department of Computer Sciences, Purdue University
Date: June 1991
Search String: opus.PS.gz

"Federal Information Processing Standards Publication 181"
Announcing the Standard for Automated Password Generator
Date: October 5, 1993
URL: http://www.alw.nih.gov/Security/FIRST/papers/password/fips181.txt

"Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise"
Steven M. Bellovin and Michael Merritt
AT&T Bell Laboratories
Date: Unknown
Search String: aeke.ps

"A High-Speed Software Implementation of DES"
David C. Feldmeier
Computer Communication Research Group
Bellcore
Date: June 1989
Search String: des.ps

"Using Content Addressable Search Engines to Encrypt and Break DES"
Peter C. Wayner
Computer Science Department
Cornell University
Date: Unknown
Search String: desbreak.ps

"Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks"
Steven M. Bellovin and Michael Merritt
AT&T Bell Laboratories
Date: Unknown
Search String: neke.ps

"Computer Break-ins: A Case Study"
Leendert Van Doorn
Vrije Universiteit, The Netherlands
Date: Thursday, January 21, 1993
Search String: holland_case.ps

"Security Breaches: Five Recent Incidents at Columbia University"
Fuat Baran, Howard Kaye, and Margarita Suarez
Center for Computing Activities
Columbia University
Date: June 27, 1990
Search String: columbia_incidents.ps
Other Sources and Documents

Following is a list of other resources. Some are not available on the Internet. However, the articles can be obtained through various online services (perhaps UnCover) or at your local library, through interlibrary loan or on microfiche. You may have to search more aggressively for some of these, perhaps using the Library of Congress (locis.loc.gov) or an even more effective tool, WorldCat (www.oclc.org).
"Undetectable Online Password Guessing Attacks"
Yun Ding and Patrick Horster
OSR, 29(4), pp. 77-86
Date: October 1995

"Optimal Authentication Protocols Resistant to Password Guessing Attacks"
Li Gong
Stanford Research Institute
Computer Science Laboratory
Menlo Park, CA
Date: Unknown
Search String: optimal-pass.dvi or optimal-pass.ps

"A Password Authentication Scheme Based on Discrete Logarithms"
Tzong Chen Wu and Chin Chen Chang
International Journal of Computational Mathematics; Vol. 41, Number 1-2, pp. 31-37
1991

"Differential Cryptanalysis of DES-like Cryptosystems"
Eli Biham and Adi Shamir
Journal of Cryptology, 4(1), pp. 3-72
1990

"A Proposed Mode for Triple-DES Encryption"
Don Coppersmith, Don B. Johnson, and Stephen M. Matyas
IBM Journal of Research and Development, 40(2), pp. 253-262
March 1996

"An Experiment on DES Statistical Cryptanalysis"
Serge Vaudenay
Conference on Computer and Communications Security, pp. 139-147
ACM Press
March 1996
"Department of Defense Password Management Guideline"

If you want to gain a more historical perspective regarding password security, start with the Department of Defense Password Management Guideline. This document was produced by the Department of Defense Computer Security Center at Fort Meade, Maryland.

Cross Reference: You can find the Department of Defense Password Management Guideline at http://www.alw.nih.gov/Security/FIRST/papers/password/dodpwman.txt.
Summary

You have reached the end of this chapter, and I have only a few things left to say in closing. One point I want to make is this: password crackers are growing in number. Because these tools often take significant processing power, it is not unusual for crackers to break into a large and powerful site just so they can use the processor power available there. For example, a cracker who compromises a network with, say, 800 workstations can use at least some of those machines to perform high-speed cracking; distributing the workload across several of them yields a much quicker result.

Many people argue that there is no legitimate reason persuasive enough to warrant the creation of such tools. That view is untenable. Password crackers provide a valuable service to system administrators by alerting them to weak passwords on the network. The problem is not that password crackers exist; the problem is that they aren't used frequently enough by the good guys. I hope that this book heightens awareness of that fact.
E-mail any questions, comments or death threats to: ameister@vol.com
Copyright © AcidMeister...
Visit him at: http://www.vol.com/~ameister