The Importance of Good Passwords
Password Cracking: The Gory Details
How and Why MUSC Audits Passwords
Frequently Asked Questions After an Audit
The password for your MUSC Network Account is stored in an encrypted form on various servers on the MUSC campus network. For example, a copy of your encrypted MNA password is stored on the IMAP server and on the Atrium server so you can read your mail, and a copy is stored on an authentication server which allows you to log in to the network with PPP. Copies are also stored on various Web servers, on the Homeroom server, and basically anywhere on the network where there are resources which you are authorized to access. So there are copies of your password stored all over the place.
Everywhere that your password is stored, it's stored in an encrypted form. The encryption algorithm takes your plaintext password, and transforms it into an encrypted form, which is what actually gets stored on the various servers. The problem is that password cracking tools are available which a bad guy can use to "recover" (in reality, guess) your plaintext password from your encrypted password, if your password does not meet certain minimal standards.
Our campus network, like every other University network, is constantly probed from the Internet by bad guys. They look for any vulnerability which they can exploit to gain a foothold on any of our systems. Their ultimate target may or may not be one of MUSC's systems. They may be trying to break into one of our systems so that they can attack other, more lucrative, targets from one of our systems rather than directly from their own systems, reducing the chances that they can be caught and prosecuted.
If a bad guy does manage to gain a foothold on a server in a network like ours, one of the first things he will try to do is large scale password recovery. In other words, he will attempt to locate files containing encrypted passwords, transfer them to his (or some other intermediate) system, and run cracking tools against them. If he recovers a plaintext password, then he can compromise that account, and access any system the account holder is authorized to access. In the worst case, a single cracked password can allow a bad guy to leverage a tenuous foothold on a single system into ownership of an entire network.
Everywhere that your password is stored, it's stored only in an encrypted form. The encrypted form is obtained using the Digital Encryption Standard (DES) algorithm. The DES algorithm computes a one-way hash of your password; this hash is sometimes called the encrypted password, although technically speaking your password is not encrypted, it's hashed. The DES algorithm is called one-way because it's possible (obviously) to compute the hashed password from the plaintext password, but it's mathematically impossible to "reverse" the algorithm and obtain the plaintext password from the hashed password.
So if a bad guy has a copy of your encrypted (hashed) password, what can he do with it? Nothing directly - he would need to know your plaintext password in order to access your account. But fortunately DES is a one-way algorithm, so even if he has a copy of your encrypted password, he can't derive your plaintext password from it.
So your account is still safe, right? Maybe, maybe not.
If the bad guy has a copy of your encrypted password, a little free time, and access to a reasonably fast computer, he may be able to "recover" (in reality, guess) your actual plaintext password by performing a dictionary attack. The bad guy starts with a list (dictionary) of candidate plaintext passwords. Then he applies the DES algorithm to each candidate password in his dictionary, and compares the output of the algorithm to your encrypted password. If they don't match, he tries the next candidate. If they do match, then he knows what your plaintext password must be, because his candidate plaintext password could hash to the same value as your actual plaintext password only if they were the same plaintext strings, character for character.
So how much time does the bad guy need to "recover" your plaintext password from your encrypted password, using a dictionary attack? Let's assume that he has a garden variety desktop PC, which can complete about 100,000 encrypt-then-compare operations per second.
Let's assume that this guy really wants to know your password, so he constructs the complete dictionary of all possible 8-character candidate password strings. This dictionary has 6,600 million million entries in it. At the assumed rate of 100,000 operations per second, he would need, on average, 1,000 years to "recover" your password, using this exhaustive dictionary of all possible passwords.
A millennium sounds pretty good. But before we get too excited, let's consider another case.
Let's assume that our bad guy is modestly intelligent. Instead of constructing the complete dictionary of all possible 8-character passwords, he might construct a much more manageable 10-million word dictionary of passwords that people are actually likely to use. His dictionary of "popular" passwords, although huge, is 660 million times smaller than the complete, exhaustive dictionary of all possible passwords. It turns out that all of a 10-million word dictionary's entries can be encrypted and compared to your encrypted password in just 100 seconds. That's right -- if your password is in the bad guy's 10-million word dictionary, then he will have your password in less than two minutes.
While the "best" passwords are random strings of characters, such passwords are very hard to remember. As a practical matter, any string of characters which does not appear in any dictionary of candidate passwords that a bad guy is likely to use, is good enough.
We audit MUSC Network Account passwords using the same kinds of tools that the bad guys use. We use readily available password cracking tools such as John the Ripper and L0phtCrack. Likewise, we download raw wordlists for building candidate password dictionaries from the same places on the Internet that the bad guys do. Currently we build candidate password dictionaries of about 10 million entries, and it takes us 1-2 weeks of continuous processing to audit the password of every MNA account holder.
Using a cracking tool, the auditor may be able to recover (guess) your password if you have chosen it poorly. If this happens, all it means is that your password was present in the dictionary that was constructed for the audit. The bad news is, if the auditor can guess your password, then a bad guy can too.
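The timing figures from the dictionary-attack discussion and the audit described here can be reproduced in a few lines. This is an added example, not MUSC's audit tooling: SHA-256 stands in for the DES-based hash, the per-account salt, the 95-character printable-ASCII alphabet, and all account names, passwords and wordlist entries are constructed assumptions.

```python
import hashlib

RATE = 100_000   # encrypt-then-compare operations per second (the page's figure)
ALPHABET = 95    # assumption: printable ASCII, which reproduces "6,600 million million"
LENGTH = 8       # characters per password


def one_way_hash(salt: str, password: str) -> str:
    """Stand-in for the DES-based one-way hash (assumption: SHA-256 of salt + password)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def seconds_to_try(entries: int, rate: int = RATE) -> float:
    """Time needed to hash and compare every entry of a dictionary of this size."""
    return entries / rate


def average_years_exhaustive() -> float:
    """On average the match turns up after half of the full keyspace has been tried."""
    return seconds_to_try(ALPHABET ** LENGTH) / 2 / (365.25 * 24 * 3600)


def audit(accounts: dict, wordlist: list) -> list:
    """Return the names of accounts whose stored hash matches a dictionary entry.

    Only account names are reported; the matching plaintext is not kept,
    since the goal of the audit is to get the weak password changed.
    """
    failed = []
    for name, (salt, stored) in accounts.items():
        if any(one_way_hash(salt, word) == stored for word in wordlist):
            failed.append(name)
    return sorted(failed)


# Constructed sample data: a tiny candidate dictionary and three accounts.
WORDLIST = ["password", "letmein", "charleston", "qwerty12"]
ACCOUNTS = {
    "alice": ("a1", one_way_hash("a1", "letmein")),    # in the dictionary
    "bob": ("b2", one_way_hash("b2", "Vq7#mw2!")),     # not in the dictionary
    "carol": ("c3", one_way_hash("c3", "qwerty12")),   # in the dictionary
}

if __name__ == "__main__":
    print("accounts failing the audit:", audit(ACCOUNTS, WORDLIST))
    print("10-million word dictionary:", seconds_to_try(10_000_000), "seconds")
    print("exhaustive search, average:", round(average_years_exhaustive()), "years")
```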
MUSC audits all MUSC Network Account passwords in order to protect its systems. The results of the audit are communicated in confidence to each individual user whose password fails the audit. The only goal of the audit is to get weak passwords changed.
When the audit is complete, each user whose password was cracked is notified via e-mail that his password failed the audit, and he is asked to change his password. If after three such notices the user's password has not been changed, then the auditor changes it for him, and the user faces a trip to the Library Systems Office, where he must present his picture ID before he can access his account again.
Q: You're telling me my password is insecure, but I'm absolutely convinced that no one could ever have guessed my password. Why can't you guys just leave me alone?
A: If your password has failed an audit, then anyone could have guessed your password in two minutes or less using freely available software on an ordinary desktop PC. By using a password which the audit has revealed as weak, you are (or were) exposing MUSC's systems to an unacceptable risk of intrusion through your account. To protect its systems, MUSC must set some minimum standard for password strength, which all users must meet when selecting their passwords.
Q: How can you know my password? I thought it was supposed to be a secret!
A: If you have chosen a good password, then no one can guess it. If you have chosen a weak password, then anyone can guess it, and someone eventually will. Only if you are lucky will that "someone" be a system administrator conducting an authorized audit.
Q: If you know my password, have you used it to access my account?
A: No. The list of passwords which have failed an audit is very closely guarded by the auditor, for obvious reasons.
Q: I feel like my privacy has been violated. What gives you the right to try to guess my password?
A: In general, it is highly unethical to try to guess someone else's password, for any reason. An authorized audit, whose purpose is to identify weak passwords and get them changed, is a legitimate and recognized exception to this general principle.
Q: You claim to have guessed my password. I don't believe you. Can you prove it to me?
A: If you want proof, then the ARCS Postmaster can put you in touch with the system administrator who conducted the audit. Please do not request proof until after you have changed your password, because the auditor cannot discuss your password with you or anyone else until after it has been changed.