Crypt DES and 8-character truncated passwords
Many passwords on Linux are stored using the crypt() function. Users are usually not aware of the difference between traditional crypt and an MD5-based scheme, but it can turn out to be important, especially when crypt uses its default DES-based scheme.
The problem with crypt() and traditional DES is that it truncates the password to 8 characters. Users are not usually aware of this and assume that the entire password has been saved and hashed. Take the Apache tool htpasswd, for example. It uses crypt() to hash passwords into a password file (it may also use its own MD5 routine). The following command creates a new user in a password file:
htpasswd password_file new_user
After this command is executed, you are prompted for a password. If the password is longer than 8 characters, for example 123456789, it is still accepted and no warning is given that it was truncated. As a result, providing the password 12345678 will also authenticate you to the system. Why is this bad?
- The time taken to crack an 8-character password is shorter than for a longer one.
- It is also likely that the password was truncated in these scenarios, so an attacker may well target passwords that are exactly 8 characters in length.
- Some people habitually prefix their password with their username. That is a bad idea if the username happens to be 8 characters long, because the stored hash then covers nothing but the username.
- The user may not even be aware of the problem, since they assume the password is strong because it is longer than 8 characters.
So the next time you provide a password to a system, you might want to know how it is stored and which hashing scheme is used.
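As an added illustration (not part of the original post), the following Python script audits an htpasswd file: it classifies each entry by hash scheme, flags the DES crypt() entries whose passwords are only compared on their first 8 characters, and shows that 123456789 and 12345678 collapse to the same effective password under that scheme. The sample file and its hash values are constructed.

```python
import re
from dataclasses import dataclass

# Traditional DES crypt() output: 2-char salt + 11-char hash from [./0-9A-Za-z].
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
DES_MAX_LEN = 8  # DES crypt() uses only the first 8 characters of the password

@dataclass
class Entry:
    user: str
    scheme: str
    truncates: bool  # True when the scheme silently drops characters past 8

def classify_hash(h: str) -> str:
    """Identify the htpasswd hash scheme from its on-disk form."""
    if h.startswith("$apr1$"):
        return "apr1-md5"
    if h.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if DES_CRYPT_RE.match(h):
        return "des-crypt"
    return "unknown"

def audit_htpasswd(text: str) -> list[Entry]:
    """Parse user:hash lines and flag entries hashed with DES crypt()."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, h = line.partition(":")
        scheme = classify_hash(h)
        entries.append(Entry(user, scheme, scheme == "des-crypt"))
    return entries

def effective_password(password: str, scheme: str) -> str:
    """The part of the password that actually influences the stored hash."""
    return password[:DES_MAX_LEN] if scheme == "des-crypt" else password

# Constructed sample file: the hash values are made up but well-formed.
SAMPLE_HTPASSWD = """\
alice:abXyZ0123456.
bob:$apr1$saltsalt$abcdefghijklmnopqrstuv
carol:$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
"""

if __name__ == "__main__":
    for e in audit_htpasswd(SAMPLE_HTPASSWD):
        flag = "TRUNCATES AT 8" if e.truncates else "ok"
        print(f"{e.user:8} {e.scheme:10} {flag}")
```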