March 30, 2004
supervisor reviews
last tuesday (the 23rd) we had our first lit-review meeting 1-on-1 with our supervisor, and i've found since then the going has been slow.
Every single paragraph that i write comes out at a crawling pace, i have a feeling my filtering system is getting all messed up and i'm over-concentrating on some details, just sometimes when u need to just write something out but it has to be legit (ie: proven and published somewhere) .. and that is HARD.
For ages i've been a semi-creative writer. One of my best classes in highschool was english lit (yes, not maths) and i've always had a passion for things related to that (i read a lot of fiction, i listen and get emotional with a lot of things like music etc) so to find myself having to conform with this rigid, almost lifeless, writing style is definately getting to me in a way which is completely stressing out.
As dan says, it's only March.. there will be plenty of time to stress later .. but god this is hard.
I can't wait til this phase is over and the gist of this writing-style has gelled a bit.
I can't wait.
March 29, 2004
March 28, 2004
March 26, 2004
March 25, 2004
March 24, 2004
March 23, 2004
March 21, 2004
getting on 40-50% complete
Felt like i got a lot of work done today, not just in my lit-review (which i did spend heaps of time on) but also in general house-work and cleaning up the backyard etc.
Somehow i managed to not pass out trying to clean up the dog's mess (out the backyard. not inside:P) in the middle of the day, around 40degrees.
Today was hard hard going. Even though i felt i did a lot of work, i have a feeling that because of the heat, and because of how uncomfortable i was feeling all day my standard of work might have been a bit below par. I mean it is difficult to discuss the problems and weaknesses of password systems when sweat is pouring down your face.. i mean the last thing on my mind would've been the consequences of some "evil" attacker gaining access to a computer system because someone had decided to use their pet's name-reversed as a password. ..
Apart from the lit-review, the prospect of my experiments are looking finer and finer by the day.. as mentioned .. JTR has an x86-64 header file (global configuration to setup all the rest of the modules used for algorithms etc) .. initially i was looking at the possibility that i would have to come up with this file myself, in a combination of trial-and-error and seeking out the other header files which were aimed/geared for 64-bit environments. .. ahh thank GOD.. Realistically i think this has cut a HUGE part of my prep for my experiments .. i can't wait to get some opteron time to bench it against itself (x86 compile vs x86-64 compile) ..
The rest of the week is going to be just as hot .. thank god i'll either be a) at uni , or b) at work.
JtR make x86-64
John the Ripper password cracker
Happy Days!.. Sometime during the end of Feb Solar Designer (Creator of JtR) released version 1.6.37 which includes a correct arch.h file for the x86-64 architecture!
Woo.
Can't wait to benchmark the standard JtR versus this JtR64.
March 18, 2004
March 17, 2004
Passwords in a Humanless World
Well, from my last post it seems that i hadn't made any drastic mistakes, and my structure seemed to be a-ok!
Apart from that i've been slowly crunching away on my lit-review, my progress seems to be stumbling upon at some sort of usable pace, and it's good to hear that dan + i will be submitting work/checking work with our supervisor every week now, which i feel will swallow up any errors very very quickly.
In other news, it's great to hear that you should get a copy of a book and then remember that you already have it! (Mitnick you beauty) .. was also great too use as a reference point..
Especially in the fact that:
"Passwords would be a perfect means of authenticating with a computer system if humans didn't exist"
March 16, 2004
Ooo shocker
Orite, from the last post i've made some progress.
Most of my Sunday was spent finding, printing, reading, reviewing articles and periodicals, i felt like i got a ton of work done which was great.
Came to uni on Monday, and after my CSec class (read: 9pm) my supervisor said that he'll want to see some of my lit-review tomorrow (EEEP) .. so, i had some of my background, and a shitload of notes that i'd taken, but no real-structure.
So from 9.30p until now (1.30a) i hammered out the first draft of some of my lit-review sub-sections. I got a lot of the "password" topic stuff first (policies, weaknesses, why passwords are still used) .. and i'm quite proud of it, unfortunately because i'm so god-damned exhausted, i can't really determine if it's right or not, I guess i'll find out tomorrow when i either a) get my head ripped-off, or b) get a pat on the back..
Anyway, i'll post some of it later, as i'm much to tired to copy + paste it now!
March 14, 2004
March 11, 2004
Turns around, starts walking backwards
Hahaha.. naturally from wednesdays meeting and after talking to dan about some stuff i've changed a lot of what i'd started ..
Mostly it's that a lot of my background will be converted (ever so slightly) into my actual lit-review .. the process which i used for the background being more suited to lit-review.. then i'll revise my questions, my abstract, my background, my significance.
And to get myself into the swing of things i consumed 4 articles tonight.. 2 of which were really good (gold-mines if u will) I've written up nice little summaries, taken LOTS of interesting quotes .. hopefully I'll keep on running on this little high because the last fortnight has felt like a bit of a dampener...especially with all the work stuff that's been going (ie: moving, and finishing up some large projects)
I also picked up a copy of mitnick's art of deception, and as soon as i've finished schneier's secrets & lies .. it's onto this book (which craig recommended to the class in csec)
March 09, 2004
Slow going
The research proposal is coming along.. okay. Come tomorrow morning i'm going to have to start putting my lit-review into the 1st draft, which i'm expecting to be hard-going.. especially with how slow sometimes it feels to make progress .. even just doing the background.. it's not enough to just assume that what you perceive as general knowledge is in fact general knowledge..
I suppose it's the same with everything.. someone who knows about music trying to explain it to someone who knows nothing for example.. it feels like your hitting your head against a well..
but at least my proposal doesn't make me bleed from the head (yet :P) .. most of the background is done.. significance and litreview .. tomorrow shall be your beginnings.
March 08, 2004
It would be difficult...
... to max-out your library borrowing limit.
Even though the amount of tech/crypto/comp-sec books that exist on the 4th floor of the library must be stretching almost into the thousands, i believe it would be impossible to carry enough books to max-out your limit, especially at the average page-length of 700.
Anyway, have got my hands on the "Handbook of Applied Cryptography" by Menezes, Oorschot and Vanstone; "Cryptography Theory and Practice 2ed" by Stinson; and "Internet Firewalls and Network Security 2ed" by Hare and Siyan.
Hopefully i'll be able to kill 2 birds with these books, the crypto + password policy stuff will work well with my proposal, and the crypto books also have the potential to aid me in my csec paper that i'll have to do sometime (the abstract of which is due in 3 weeks)...
On to the proposal
First Background, then Significance
Did approximately 1/3rd of my research proposal background, after that i'll quickly write up the significance.. then it's the fun stuff.. onto the lit review.
For each section i've been writing up a what, why and relevance, as discussed with my supervisor, important topics will be re-iterated all over the place (even though redundancy is meant to be kept to a minimum). So even though they will be briefly discussed in the background (to get all readers to the same level approximately) .. they then will be discussed in much more depth, being affirmed via literature.
Research Proposal
So this weekends goal was to get a chunk out of the preliminary research proposal, unfortunately yesturday i was stuck helping the new boss shift to the new office. Anyway after doing my reading for CompSec i realised none of my lit had been focussed on password policies. So, i searched through proquest, have a stack of links to have a read, and a few books which i'll have to try and grab from uni.
My structure so far goes something like this:
Background
Password Policies
One-Way hashing algorithms
Password cracking tools
Beowulf's and Cluster Hardware
Parallel Algorithm techniques
John the Ripper MPI
Significance
Passwords as a weakpoint
Other methods of authentication
Other methods of testing weak passwords
The significance might not be aimed at individual organisations, but for computer security firms?
March 04, 2004
MPICH Why Must You Spite Me?
As a form of procrastination whilst waiting for class, I tried to get MPICH (1.2.5.2) running on 2 machines at uni, to no avail. What's funny is when i got MPICH running at home on a pair of machines, the only problem they had was that ssh didn't let them login without passwords, so when i ran any of the test applications it would ask me for passwords.
This time around i'm in the inverse boat, SSH isn't asking for passwords, but MPICH appears to be broken!
Note to self: What happens if i can't even get JtRMPI to work?
[Edit]
Played around with my setup at home (see: forcing SSH to work at Version 1 not Version 2) .. and actually got mpich example programs to work PERFECTLY at home..
Hopefully i'll be able to recreate what i did when i get back to uni.
March 02, 2004
No Net Leads to Conversations and SRC Dissection
The labs proxy server had a hdd failure yesturday. The poor box was feebly printing out HDD I/O Errors on the console in a vain attempt to warn us that it was about to reach some sort of critical point. That point must have occured around the same time the whole lab had a brief-power out.
Anyway, this left the lab internet-less so my day of planned research and reading was reduced to conversations with pete about AMD64 and JtR. Which led me to another look inside the details of this password cracking tool. (READ ON FOR TECHNICAL SUMMARY)
What i don't know about Mandrake-AMD64
What AMD64 mode does this installation run in? Long 64-bit mode? Long Compatibility mode? Legacy Mode? (i really hope not the latter)
Pete made the observation that OpenOffice(OO) loaded just as quick on his single CPU axp2400 if not quicker, compared to this Dual Opteron 244 (2xOpteron's at 1.8GHz). I was quick to suggest that it's because the installed OO was still the 32-bit version, that is, the packaged OO that came with the MandrakeAMD64 installation files was just the default 32-bit version. So does that also lead on to imply that this installation of Mandrake forces the Opteron to run in Compatibility mode? (ie: 64-bit OS with the ability to run existing 16/32-bit x86 applications.) .. even if OO is running as a 32-bit app, with the extra benefits of a SCSI drive and much faster memory system, it should still run faster on an Opteron than on a vanilla AthlonXP. Is this because the mandrake kernel is still not truly optimised for AMD64? Or are a lot of the core linux libraries still running in 32-bit mode?
I'm wondering what sort of affect this will have on JtR running as a 32-bit compiled binary vs a 64-bit compiled binary? .. Will all the dependant libraries be 64-bit?
A Peek Inside JtR
MD5 related files: MD5_std.h MD5_std.c MD5_fmt.c formats.h formats.c
As mentioned yesturday, MD5_std.c contains all the code that is necessary to perform MD5 password checks, and the MD5_body() function is seen to be a direct copy (to some extent) of the MD5 algorithm as set out by RFC1321. This method itself receives multiple calls from within the MD5_std_crypt() function.
To allow for JtR to use different encryption algorithm's the use of formats.h describes a structure which allows the specific algorithm to store various descriptive elements as well as the links to the various functions, such as functions for initialisation, cyphertext checks, splitting functions, conversion functions, hashing functions, the actual crypt task, and comparison functions. This makes a lot of sense when viewing the fmt_MD5 struct as defined in MD5_fmt.c.
Apart from this structure this file also reveals important information about the algorithm such as the maximum length of plain-text passwords (15), the length of cyphertext (22), and the sizes of both the binary cyphertext in bytes (4) and the size of internal salt representations in bytes (8).
Returning back to the formats.h, this fmt_main structure is used by john.c itself as a way of registering all of the different algorithms at it's disposal, which would therefore imply that adding new algorithms is quite simple, as long as it conforms to the structures laid out by formats.h
March 01, 2004
Linux password files, MD5 Algorithms
Apart from reading more of Schneier's "Secrets & Lies" did some googling on
- Linux Passwords
- Linux Shadow
- Linux Password Algorithm
- Linux MD5
- Linux Password MD5 Algorithm
And some other searchings using different iterations of the above mentioned terms.
What are the benefits of the Shadow File
Because usernames and uid/gid's are stored within the passwd file it is required to be read by the system. This allows anyone to easily gain access to the hashed passwords stored in the /etc/passwd file. To remedy this the /etc/shadow file is used, which is set to read-only for a few authorised users (usually only root by default).
This means the username's and uid/gid's are still stored in /etc/passwd but the hashed password is stored in a stronger-permissioned file. ie /etc/shadow.
There are more benefits, such as specifying when a password has to be updated and the specified maximum age of a password too.
Benefits of MD5 hashed passwords compared to DES hashed passwords
DES's plaintext has a maximum of 8 characters, MD5 can accept much larger lengths. (In fact, isn't MD5 not limited by length at all, md5sum being able to return a 128-bit hash on any file length input?)
"Foiling the Cracker: A Survey Of, and Improvements to, Password Security" by Daniel V. Klein (1990)
This text was too old to be of any use. The author discusses the potential security benefits of using shadow'd password files instead of shared password files, but then follows on saying that most systems won't upgrade their software.. when in fact most modern unix/linux OS's enable Shadow'd password files by default.
RFC1321 on MD5 Algorithm
Very interesting, the Memo sent out about the new MD5 algorithm, this text document also includes the c code down the bottom of the page, and on initial inspection seems very similar to the MD5 code used by John. (although some changes appear to have been made, are these optimisations for JtR? or for other systems? .. )
RSA Lab's Bulletin "On Recent Results for MD2, MD4 and MD5" by M.J.B. Robshaw (1996)
This mentions that the weakness of the MD5 hashing algorithm isn't so much that collisions are discovered easily, it's more that pseudo-collisions occur. Where these are collisions which happen because of the compression part of the MD5 algorithm as opposed to the actual hashing itself. Dobbertin's article (2 pager) describes the situation used to cause this pseudo-collision.
"Cryptanalysis of MD5 Compress" by Hans Dobbertin (1996)
As mentioned, this outlines the conditions used to force pseudo-collisions by the MD5 hashing algorithm.