OpenBSD Journal

John the Ripper 1.7 released and an interview with the author

Contributed by SamT on from the dept.

SecurityFocus article dated 2006-02-22 discusses the 1.7 update to John the Ripper, and makes an especial mention of why your favourite OS works harder at securing your system than others.

The FreeBSD-style MD5-based hashes that are so popular nowadays (they're used on FreeBSD, on many (most?) Linux systems, and on Cisco IOS for "enable" passwords) are significantly better, but they aren't quite state of the art. The OpenBSD-style Blowfish-based (bcrypt) hashes are a whole lot better, adding variable iteration counts (such that a system administrator can proceed to adjust the processing cost for hashes that would be used for newly set or changed passwords as CPUs become faster).

Those multiple iterations of an underlying cryptographic primitive (such as modified DES, MD5, or Blowfish) are used to implement so-called "password stretching". bcrypt hashes can reasonably be configured to be, say, 15,000 times slower than traditional crypt(3) hashing on a given CPU. This is equivalent to passwords (or passphrases) containing 14 bits of additional entropy compared to what one has to actually remember and type in at a login prompt. That's roughly two words less to type in a passphrase.

Not only a good read for fanboys, but a good read for those admins with other OSs with discussions that may help you better secure your network

(Comments are closed)

Comments

  1. By Anonymous Coward (128.171.90.200) on

    The default is AES, right ?

    Comments

    1. By Nate (65.94.100.232) on

      Where?

      Comments

      1. By Anonymous Coward (128.171.90.200) on

        Sorry my bad, I was thinking of swap_encryption

        http://marc.theaimsgroup.com/?l=openbsd-misc&m=113637101008262&w=2

    2. By Archite (69.238.133.30) adam@akarsoft.com on http://akarsoft.com

      I don't run linux so I can't tell you what they use off the top of my head, but on my FreeBSD laptop login.conf says md5.

      Comments

      1. By Anonymous Coward (84.188.233.108) on

        Most linux-distries use MD5 today

    3. By Anonymous Coward (66.11.66.41) on

      Did you read the text up there above your post? Where it says the default on shitty systems is md5, and the default on openbsd is blowfish?

      Comments

      1. By Anonymous Coward (128.171.90.200) on

        I saw nothing about it saying Blowfish was the default on OpenBSD

        Comments

        1. By Anonymous Coward (84.188.233.108) on

          He did :D

        2. By Anonymous Coward (66.11.66.41) on

          "The OpenBSD-style Blowfish-based (bcrypt) hashes are a whole lot better"

          Comments

          1. By Anonymous Coward (128.171.90.200) on

            where does it say default ?

            Comments

            1. By Anonymous Coward (68.104.17.51) on

              "OpenBSD-style".

              Comments

              1. By Anonymous Coward (128.171.90.200) on

                yeah, "style" doesn't mean default, but hey don't believe me, there are many dictionaries online

                Comments

                1. By Anonymous Coward (66.11.66.41) on

                  Right, they would just say "openbsd style" because openbsd uses something else by default. That would make lots of sense. Quit being a tard.

                2. By Anonymous Coward (68.104.17.51) on

                  1: a particular kind (as to appearance); "this style of shoe is in demand" 2: how something is done or how it happens; "her dignified manner"; "his rapid manner of talking"; "their nomadic mode of existence"; "in the characteristic New York style"; "a lonely way of life"; "in an abrasive fashion" [syn: manner, mode, way, fashion]

    4. By Nicolai (62.177.129.191) on

      We are talking about password hashes here. AES is symmetric encryption.

      Comments

      1. By tedu (69.12.168.114) on

        so is blowfish.

      2. By Anonymous Coward (66.11.66.41) on

        Which has nothing to do with it. As Ted pointed out, blowfish is symmetric too. That doesn't mean you can't use it for passwords.

      3. By Anonymous Coward (70.179.123.124) on

        http://en.wikipedia.org/wiki/Hash_functions_based_on_block_ciphers

        someone needs to do a little more reading before commenting, methinks

      4. By Anonymous Coward (84.188.210.11) on

        You`re wrong.
        Rijandel is Asymetric

        Comments

        1. By Anonymous Coward (84.188.210.11) on

          Sorry, my fault...
          I mixed up the stuff with Pup-Key

        2. By Anonymous Coward (80.135.43.17) on

          Rijndael asymetric? I only see one key...
          Could you explain this a little more?

  2. By Anonymous Coward (67.170.176.126) on

    I am wondering if there is an OpenBSD endorsed (or validated) tool to keep track of your passwords. Something like PasswordSafe or pwsafe but that has passed the scrutiny and the validation or a security minded group.

    thanks

    AC

    Comments

    1. By tedu (69.12.168.114) on

      i recommend your head.

      Comments

      1. By Anonymous Coward (80.90.29.7) on

        head can be cut off.

        Comments

        1. By tedu (69.12.168.114) on

          ...providing password security. :)

        2. By Anonymous Coward (87.78.133.131) on

          the password to your password-keeping-file is gone then too.

          i tell you it sucks to have to move your office into the basement, so you can have a 300kg safe beside your desk...

          private-keys on removable media are fine for me. only use them on my trusted machine, so i could perhaps even leave them on there. but hey, paranoia is a gift.

          if you have spare money you could go two-factor auth or use pw-keeping tokens. (even saw one on thinkgeek, i think)
          but the available solutions are not open source so i won't use them. don't think my passwords are any safer than in my head just because i put them into a black box.

          Comments

          1. By Anonymous Coward (212.87.113.108) michel.brabants@euphonynet.be on

            Hello, about the fact that there are no password-keeping-tokens supported by opensource. I thought that the free software foundation sells them, not? Openpgp supports them. Opengpg supports all cards that implement the opengpg card specification. I suppose that this smartcard is a password-keeping-device. You can find more infor here: http://www.gnupg.org/(en)/howtos/card-howto/en/smartcard-howto-single.html#id2446660 greetings, Michel

            Comments

            1. By Anonymous Coward (87.78.93.60) on

              Yeah, always saw a buisness opertunity in a nice twofactor-auth implementation under the bsd license. (Anoyone know a project someone could get his soldering iron into?)

              As for the mentioned smartcard support in gpg, i don't want't to carry around another piece of equipment and there is more than just a gpg-key i want to store. :)
              A USB-stick on my keychain fits my need quite nicely. If i loose that, i've centainly got other things to worry about than someone bruteforcing my passphrases. private-keys, ssh or gpg, can be changed/revoked easily and fast. having a policy for such situations helps to not panic too much.

      2. By frantisek holop (165.72.200.10) minusf@gmail.com on

        that is a strange comment from you, tedu.

        maybe you use the same password for all your machines/systems/programs,
        but i've got better things to remember than my 50+ passwords for all the
        systems i use. i don't even count the web pages which need login, those
        don't need really strong passwords.

        i could not imagine my life without password safe now.

        Comments

        1. By tedu (69.12.168.114) on

          why do you have a different password for every system? you don't have ssh keys setup for any of them?

          Comments

          1. By frantisek holop (165.72.200.10) minusf@gmail.com on

            i see you have a hammer and everything looks like a nail to you :)

            mysql, sybase, coldfusion, web admin interfaces/web working interfaces (at work, not my choice), my bank's online interface, ssl certificate passphrases, even my friggin company ip phone has 2 passwords: one for login, one for recorded messages! :)

            not everything can be solved with public keys. not everything is ssh that needs a password.

    2. By Anonymous Coward (81.57.42.108) on

      Among the tools in base, why don't you use 'openssl' ?
      Something like:

      openssl enc -aes256 -in my_secret_file -out my_secret_file.enc
      rm -P my_secret_file

      And then, to print the file content on stdout:
      openssl enc -d -aes256 -in my_secret_file.enc

      Off course the weak point is that you need to decypher & write the file in plain on the disk in order to add new data on it (or is there a tip ?) but well, that's still good enough for me.

      Comments

      1. By Christopher (24.229.80.6) on 

        $ cat eet
#!/usr/bin/perl

while(<STDIN>) {
        print $_;
}

for my $a (@ARGV) {
        print $a, "\n";
}

        lets you do something like this:

        openssl enc -d -bf < my_secret_file.bf | eet 'anotherone' | openssl enc -bf > my_secret_file2.bf
        but it will echo one of the passphrases you enter (dec, enc, verify).

    3. By sng (12.18.141.172) on

      As Bruce Scheiner has often pointed out we all seem really good at keeping track of small bits of important paper. This leads to the conclusion that the old adage about not writing down passwords is wrong. I and many people I know keep them on a card in their wallet. This leads, directly, to longer/better passwords and as long as you are aware enough to avoid shoulder surfing is as secure as anything else. To quote William Gibson "If they think you're crude, go technical; if they think you're technical, go crude."

      Comments

      1. By Anonymous Coward (202.45.99.138) on

        Why not just train your mind to remember large longer better pass phrases in your head?

        Comments

        1. By sng (12.18.141.172) on

          Because with the number of systems I admin to have what I consider a "good" password for each of them in my head I'd have to start forgetting large chunks of other information. And I have better things to do with my time. Now. Why *not* write them down? A couple of points to counter the obvious arguments. 1. We are already good at keeping backups of important documents that need to stay secret. It would be boring to list them but "losing your wallet" is a dead argument. 2. Yes. Losing your wallet *could* result in a race condition. But the odds of you not being able to win that race are so low they aren't even worth tallking about unless you can come up with something new. So a simple "race condition when losing your wallet" without details is a dead argument.

          Comments

          1. By Anonymous Coward (203.113.233.98) on

            I suppose you could remember a couple of good pass phrases including the access code to a safe with a list of good pass phrases for other systems, that sounds reasonable.

            Theres also the Mandylion Password Manager from ThinkGeek at http://www.thinkgeek.com/gadgets/security/7573/ but I have no idea how good it is. I havent seen any comprehensive informative reviews of the device yet.

            If you use sufficiently long random pass phrases stored in a Mandylion-like device then you could make using John The Ripper ineffectual, does anybody know any devices better than the Mandylion? The Mandylion only passwords can only be up to a measly 14 characters in length.

            Comments

            1. By sng (67.171.149.18) on

              There are some decent apps for Palm OS. Now I would *strongly* suggest that one dedicate the device to being a password device and never connect it to a networked box. But I know several people who are very happy with them. http://www.palmblvd.com/software/pc/Strip-2000-01-04-palm-pc.htm

            2. By Anonymous Coward (71.134.180.244) on

              The Mandylion is interesting but it is too hard to use. The buttons have to be pressed just right or they don't do anything. It's software/firmware isn't very good. It's slow and unresponsive and it's just plain difficult to actually enter information into the damn thing. So mine is collecting dust now. I switched to Schneier's paper+wallet password storage system.

          2. By Anonymous Coward (84.188.242.164) on

            ?Central PW-Management?
            LDAP, NIS...?

            Comments

            1. By Anonymous Coward (203.113.233.98) on

              Single sign-on amongst multiple companies doesnt exist

      2. By Anonymous Coward (128.171.90.200) on

        Interesting, Bruce Schneier seems to endorse a program called "Password Safe" considering writing passwords on pieces of paper as "vulnerable to thieves or in-house snoops."

        http://www.schneier.com/passsafe.html

        It's true, at one of the last places I worked many user's passwords were attached to the front of their machine on a Postit note.


        Password Gorilla might compile on OpenBSD, but it is GPL licensed, if that kind of thing bothers you.

        http://www.fpx.de/fp/Software/Gorilla/

        Comments

        1. By sng (12.18.141.172) on

          http://www.schneier.com/blog/archives/2005/06/write_down_your.html Yes he originally wrote Password Safe and has a link to it off of his page. But try actually reading it. Clearly that was not written by him. Here's a hint. You'll never find Bruce talking about himself in the third person. :)

    4. By Anonymous Coward (68.60.45.241) on

      ssh-agent

    5. By Anonymous Coward (67.170.176.126) on

      I am the original poster of the question. Clearly I think there is a need for such a tool. At this point I am using PasswordSafe on Windows but I would like something that is multi-platform (i.e. unix and command line, like pwsafe) but, mostly, something that is opensource and has been validated and peer reviewed (like openssh). Using openssl can be ok in a pinch but I would like to access the passwords individually, not as a big file. And no, I cannot keep all of this in my head. Right now I store all my host account passwords, ssh key passphrases, PINs of online banking, passwords to various web site account, passwords for digital certs and the likes. I have three different password stores (one is for personal stuff, one is for work, one is for another business related thing) and the biggest one has something like 50 entries. This is a real need and could consider pony up some $$ for a bounty and have a respected source (like the openssh team or Solar Designer) come up with something. thanks AC

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]