Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Password
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Form of stored passwords=== Some computer systems store user passwords as [[plaintext]], against which to compare user logon attempts. If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised. If some users employ the same password for accounts on different systems, those will be compromised as well. More secure systems store each password in a cryptographically protected form, so access to the actual password will still be difficult for a snooper who gains internal access to the system, while validation of user access attempts remains possible. The most secure do not store passwords at all, but a one-way derivation, such as a [[polynomial]], [[Modulo operation|modulus]], or an advanced [[Cryptographic hash function|hash function]].<ref name="SS1">{{cite web| last=Lundin|first=Leigh |title= PINs and Passwords, Part 2 | url=http://www.sleuthsayers.org/2013/08/pins-and-passwords-part-2.html |work=Passwords| publisher=SleuthSayers| location=Orlando| date=11 August 2013}}</ref> [[Roger Needham]] invented the now-common approach of storing only a "hashed" form of the plaintext password.<ref>Wilkes, M. V. Time-Sharing Computer Systems. American Elsevier, New York, (1968).</ref><ref name="guardian">{{cite news|last=Schofield|first=Jack|title=Roger Needham|work=The Guardian|date=10 March 2003|url=https://www.theguardian.com/news/2003/mar/10/guardianobituaries.microsoft}}</ref> When a user types in a password on such a system, the password handling software runs through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database, the user is permitted access. The hash value is created by applying a cryptographic hash function to a string consisting of the submitted password and, in multiple implementations, another value known as a [[salt (cryptography)|salt]]. A salt prevents attackers from easily building a list of hash values for common passwords and prevents password cracking efforts from scaling across all users.<ref>[http://bugcharmer.blogspot.com/2012/06/passwords-matter.html The Bug Charmer: Passwords Matter] {{webarchive|url=https://web.archive.org/web/20131102172331/http://bugcharmer.blogspot.com/2012/06/passwords-matter.html |date=2 November 2013 }}. Bugcharmer.blogspot.com (20 June 2012). Retrieved on 2013-07-30.</ref> [[MD5]] and [[SHA1]] are frequently used cryptographic hash functions, but they are not recommended for password hashing unless they are used as part of a larger construction such as in [[PBKDF2]].<ref name="bugcharmer.blogspot.com">Alexander, Steven. (20 June 2012) [http://bugcharmer.blogspot.com/2012/06/how-long-should-passwords-be.html The Bug Charmer: How long should passwords be?] {{webarchive|url=https://web.archive.org/web/20120920143554/http://bugcharmer.blogspot.com/2012/06/how-long-should-passwords-be.html |date=20 September 2012 }}. Bugcharmer.blogspot.com. Retrieved on 2013-07-30.</ref> The stored data—sometimes called the "password verifier" or the "password hash"—is often stored in Modular Crypt Format or RFC 2307 hash format, sometimes in the [[/etc/passwd]] file or the [[/etc/shadow]] file.<ref> [http://pythonhosted.org/passlib/lib/passlib.hash.html "passlib.hash - Password Hashing Schemes"] {{webarchive|url=https://web.archive.org/web/20130721042150/http://pythonhosted.org/passlib/lib/passlib.hash.html |date=21 July 2013 }}. </ref> The main storage methods for passwords are plain text, hashed, hashed and salted, and reversibly encrypted.<ref name="An Administrator's Guide to Internet Password Research">Florencio et al., [http://research.microsoft.com/pubs/227130/WhatsaSysadminToDo.pdf An Administrator's Guide to Internet Password Research] {{webarchive|url=https://web.archive.org/web/20150214015800/http://research.microsoft.com/pubs/227130/WhatsaSysadminToDo.pdf |date=14 February 2015 }}. (pdf) Retrieved on 14 March 2015.</ref> If an attacker gains access to the password file, then if it is stored as plain text, no cracking is necessary. If it is hashed but not salted then it is vulnerable to [[rainbow table]] attacks (which are more efficient than cracking). If it is reversibly encrypted then if the attacker gets the decryption key along with the file no cracking is necessary, while if he fails to get the key cracking is not possible. Thus, of the common storage formats for passwords only when passwords have been salted and hashed is cracking both necessary and possible.<ref name="An Administrator's Guide to Internet Password Research"/> If a cryptographic hash function is well designed, it is computationally infeasible to reverse the function to recover a [[plaintext]] password. An attacker can, however, use widely available tools to attempt to guess the passwords. These tools work by hashing possible passwords and comparing the result of each guess to the actual password hashes. If the attacker finds a match, they know that their guess is the actual password for the associated user. Password cracking tools can operate by brute force (i.e. trying every possible combination of characters) or by hashing every word from a list; large lists of possible passwords in multiple languages are widely available on the Internet.<ref name="SS1" /> The existence of [[password cracking]] tools allows attackers to easily recover poorly chosen passwords. In particular, attackers can quickly recover passwords that are short, dictionary words, simple variations on dictionary words, or that use easily guessable patterns.<ref>[http://blog.thireus.com/cracking-story-how-i-cracked-over-122-million-sha1-and-md5-hashed-passwords Cracking Story – How I Cracked Over 122 Million SHA1 and MD5 Hashed Passwords « Thireus' Bl0g] {{webarchive|url=https://web.archive.org/web/20120830223146/http://blog.thireus.com/cracking-story-how-i-cracked-over-122-million-sha1-and-md5-hashed-passwords |date=30 August 2012 }}. Blog.thireus.com (29 August 2012). Retrieved on 2013-07-30.</ref> A modified version of the [[Data Encryption Standard|DES]] algorithm was used as the basis for the password hashing algorithm in early [[Unix]] systems.<ref name="cm.bell-labs.com">{{cite journal |url=http://cm.bell-labs.com/cm/cs/who/dmr/passwd.ps |archive-url=https://web.archive.org/web/20030322053727/http://cm.bell-labs.com/cm/cs/who/dmr/passwd.ps |url-status=dead |archive-date=22 March 2003 |title=Password Security: A Case History |author1=Morris, Robert |author2=Thompson, Ken |name-list-style=amp |journal=Communications of the ACM |volume=22 |issue=11 |year=1979 |pages=594–597 |doi=10.1145/359168.359172 |citeseerx=10.1.1.135.2097 |s2cid=207656012 }}</ref> The [[crypt (Unix)|crypt]] algorithm used a 12-bit salt value so that each user's hash was unique and iterated the DES algorithm 25 times in order to make the hash function slower, both measures intended to frustrate automated guessing attacks.<ref name="cm.bell-labs.com"/> The user's password was used as a key to encrypt a fixed value. More recent Unix or Unix-like systems (e.g., [[Linux]] or the various [[BSD]] systems) use more secure password hashing algorithms such as [[PBKDF2]], [[bcrypt]], and [[scrypt]], which have large salts and an adjustable cost or number of iterations.<ref>[http://www.usenix.org/publications/login/2004-06/pdfs/alexander.pdf Password Protection for Modern Operating Systems] {{webarchive|url=https://web.archive.org/web/20160311102423/http://usenix.org/publications/login/2004-06/pdfs/alexander.pdf |date=11 March 2016 }} (pdf). Usenix.org. Retrieved on 20 May 2012.</ref> A poorly designed hash function can make attacks feasible even if a strong password is chosen. [[LM hash]] is a widely deployed and insecure example.<ref>[http://support.microsoft.com/default.aspx?scid=KB;EN-US;q299656 How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases] {{webarchive|url=https://web.archive.org/web/20060509045622/http://support.microsoft.com/default.aspx?scid=KB;EN-US;q299656 |date=9 May 2006 }}. support.microsoft.com (3 December 2007). Retrieved on 2012-05-20.</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)