On 02/04/2015 02:08 PM, Lamar Owen wrote:> > 3.) Attacker uses a large graphics card's GPU power, harnessed with > CUDA or similar, to run millions of bruteforce attempts per second on > the exfiltrated /etc/shadow, on their computer (not yours). > 4.) After a few hours, attacker has your password (or at least a > password that hashes to the same value as your password), after > connecting to your system only once.Oh, and the program to do this can be found very easily. It's called 'John the Ripper' and has GPU support available: http://openwall.info/wiki/john/GPU https://en.wikipedia.org/wiki/John_the_ripper Again, the real bruteforce danger is when your /etc/shadow is exfiltrated by a security vulnerability of the type that allows arbitrary remote code execution or arbitrary file access. Once the attacker has your /etc/shadow, there is absolutely nothing you can do to keep said attacker from cracking your passwords at full speed. Well, nothing except the password strength itself.
On Wed, 2015-02-04 at 14:16 -0500, Lamar Owen wrote:> Oh, and the program to do this can be found very easily. It's called > 'John the Ripper' and has GPU support available: > http://openwall.info/wiki/john/GPU > https://en.wikipedia.org/wiki/John_the_ripper > > Again, the real bruteforce danger is when your /etc/shadow is > exfiltrated by a security vulnerability of the type that allows > arbitrary remote code execution or arbitrary file access. Once the > attacker has your /etc/shadow, there is absolutely nothing you can do to > keep said attacker from cracking your passwords at full speed. Well, > nothing except the password strength itself.Thanks for the future details. My passwords usually contain letters from 2 or 3 different languages as well with non-letters inserted every 2 or 3 characters. -- Regards, Paul. England, EU. Je suis Charlie.
> On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen at pari.edu> wrote: > > Again, the real bruteforce danger is when your /etc/shadow is exfiltrated by a security vulnerabilityUnless you have misconfigured your system, anyone who can copy /etc/shadow already has root privileges. They don?t need to crack your passwords now. You?re already boned.
On Wed, February 4, 2015 3:55 pm, Warren Young wrote:>> On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen at pari.edu> wrote: >> >> Again, the real bruteforce danger is when your /etc/shadow is >> exfiltrated by a security vulnerability > > Unless you have misconfigured your system, anyone who can copy /etc/shadow > already has root privileges. They don???t need to crack your passwords > now. You???re already boned. >There can be scenario that someone has /etc/shadow due to admin's stupidity, yet doesn't have root access. Like: NFS exported / without root_squash option, then everybody having root on different box can mount and have your /etc/shadow. But in general, I'm with you. And incident like above is really major incident after which full investigation of all what happened on the box, change of all password (and other thing that too should be considered compromised like keys, certs...) and rebuild of box are mandatory. In any case, I agree that whoever let password hashes get exposed... is doomed. Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On Wed, 2015-02-04 at 14:55 -0700, Warren Young wrote:> > On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen at pari.edu> wrote: > > > > Again, the real bruteforce danger is when your /etc/shadow is exfiltrated by a security vulnerability > > Unless you have misconfigured your system, anyone who can copy /etc/shadow already has root privileges. They don?t need to crack your passwords now. You?re already boned.On C5 the default appears to be:- -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow On C6, the default is:- ---------- 1 root root 854 Mar 13 2014 shadow -- Regards, Paul. England, EU. Je suis Charlie.