CISSP® Official Study Guide, Eighth Edition
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Dictionary Attacks
As mentioned previously, many Unix systems store encrypted versions of user passwords in an /etc/shadow file accessible to all system users. To provide some level of security, the file doesn’t contain the actual user passwords; it contains a hashed version obtained from a one-way hash function (see Chapter 7, “PKI and Cryptographic Applications,” for a discussion of hash functions). When a user attempts to log on to the system, access verification routines use the same hash function to hash the password entered by the user and then compare it with the hashed version of the actual password stored in the /etc/shadow file. If the values match, the user is allowed access.
Password attackers use automated tools like John the Ripper to run automated dictionary attacks that exploit a simple vulnerability in this mechanism. They take a large dictionary file that contains thousands of words and then run the encryption function against all those words to obtain their encrypted equivalents. John the Ripper then searches the password file for any encrypted values for which there is a match in the encrypted dictionary. When a match is found, it reports the username and password (in plain text), and the attacker gains access to the system.

It sounds like simple security mechanisms and education would prevent users from using passwords that are easily guessed by John the Ripper, but the tool is surprisingly effective at compromising live systems. As new versions of cracking tools are released, more advanced features are introduced to defeat common techniques used by users to defeat password complexity rules. Some of these are included in the following list:
- Rearranging the letters of a dictionary word
- Appending a number to a dictionary word
- Replacing each occurrence of the letter O in a dictionary word with the number 0 (or the letter l with the number 1)
- Combining two dictionary words in some form

Rainbow table attacks are a variant on dictionary attacks designed to reduce the amount of time required to conduct a brute-force attack against hashed passwords. In this attack, the perpetrator takes a list of commonly used passwords and then runs them through the same hash function used by the system to create hashed versions of those passwords. The resulting list of hashes is known as a rainbow table. In a simple implementation of password hashing, the attacker can then simply search the list of hashed values for the values contained in the rainbow table to determine user passwords. Salting, discussed in Chapter 7, addresses this issue. See the sidebar “Salting Saves Passwords” in that chapter for more detail.