Cryptographic hashes are used for passwords on UNIX operating systems. These cryptographic algorithms need to be strong enough so that they are not compromised. With the current rate of growth in computer's processing power, time to crack a password is reducing. Use of such algorithms may result in weak password hashes which are more vulnerable to compromise. Most Linux operating systems use MD5 algorithm for cryptographic hashing, which has been severely compromised. Obviously this does not mean MD5 is insecure for password hashing but in order to reduce the chances of vulnerabilities a more secure and robust algorithm which has no known weaknesses ( like SHA-256 or SHA-512) is recommended.
So the question is, can we increase the security with the existing hashing algorithms like MD5 ? The answer is yes ... There is something known as "rounds" - a parameter associated with almost every password hashing algorithm.
For example, rounds=85000 means, your computer must compute 85000 hashes every time you log in. This will impose a restriction that an attacker has to compute 85000 hashes for each password he is trying to compromise against the hash in your /etc/shadow. Therefore the attacker will be delayed by a factor of 85000. Most modern computers will take less that 1 second to compute 85000 hashes. If you do not specify the rounds option, the system will use the default value for the algorithm used.
MD5 - default 4096 rounds , SHA256 or SHA512 - default 5000 rounds. Technically the rounds can be shown as :
How to specify rounds option for password hashing ?
Red Hat Enterprise Linux (RHEL)
/etc/pam.d/passwd
Oracle Solaris
/etc/security/crypt.conf
Suse Linux Enterprise Server (SLES)
/etc/default/passwd
IBM AIX
/etc/security/pwdalg.cfg
Note : In above case, if Blowfish algorithm used, number of rounds is to entered as 2^cost_num. So if you want 1024 ( 2^10 ) rounds , you should specify the setting as BLOWFISH_CRYPT_FILES=10. The valid value of cost_num is an integer between 4 and 31, inclusive. While playing around with this setting, I entered value of cost_num as 31 , and when I tried to change password for root, the process was in progress for more than 4 hours .... I had to finally terminate it. Number of rounds for 2^31 = 2147483648 ( two billion one hundred forty-seven million four hundred eighty-three thousand six hundred forty-eight ). So the password hash will be generated after 2147483648 rounds, which requires more than 6 hours ... Next time the user tries to login to the system, he needs to wait for more than 6 hours for the hash to be computed and then match it with the one stored in /etc/shadow or /etc/passwd file .
Once the password hashing settings are changed, the existing passwords are not automatically re-hashed. In order to enforce this and close the vulnerability gap, you need to force the users to change the password.
Force users to change password on next login:
Once the password is changed, the updated hash in the /etc/shadow or /etc/passwd file will look something like :
The entire process of increasing rounds is known as "Key stretching" - which helps in making a weak password more secure to brute-force attacks, by increasing the time needed to test each key.
For example, rounds=85000 means, your computer must compute 85000 hashes every time you log in. This will impose a restriction that an attacker has to compute 85000 hashes for each password he is trying to compromise against the hash in your /etc/shadow. Therefore the attacker will be delayed by a factor of 85000. Most modern computers will take less that 1 second to compute 85000 hashes. If you do not specify the rounds option, the system will use the default value for the algorithm used.
MD5 - default 4096 rounds , SHA256 or SHA512 - default 5000 rounds. Technically the rounds can be shown as :
key = hash(password)
for 1 to 85000 do
key = hash(key)
for 1 to 85000 do
key = hash(key)
How to specify rounds option for password hashing ?
Red Hat Enterprise Linux (RHEL)
/etc/pam.d/passwd
password required pam_unix.so sha512 shadow nullok rounds=85000
Oracle Solaris
/etc/security/crypt.conf
md5 crypt_sunmd5.so.1 rounds=85000
Suse Linux Enterprise Server (SLES)
/etc/default/passwd
CRYPT=SHA512
SHA512_CRYPT_FILES=85000
SHA512_CRYPT_FILES=85000
IBM AIX
/etc/security/pwdalg.cfg
sblowfish:
lpa_module = /usr/lib/security/sblowfish
lpa_options = cost_num=10
lpa_module = /usr/lib/security/sblowfish
lpa_options = cost_num=10
Note : In above case, if Blowfish algorithm used, number of rounds is to entered as 2^cost_num. So if you want 1024 ( 2^10 ) rounds , you should specify the setting as BLOWFISH_CRYPT_FILES=10. The valid value of cost_num is an integer between 4 and 31, inclusive. While playing around with this setting, I entered value of cost_num as 31 , and when I tried to change password for root, the process was in progress for more than 4 hours .... I had to finally terminate it. Number of rounds for 2^31 = 2147483648 ( two billion one hundred forty-seven million four hundred eighty-three thousand six hundred forty-eight ). So the password hash will be generated after 2147483648 rounds, which requires more than 6 hours ... Next time the user tries to login to the system, he needs to wait for more than 6 hours for the hash to be computed and then match it with the one stored in /etc/shadow or /etc/passwd file .
Once the password hashing settings are changed, the existing passwords are not automatically re-hashed. In order to enforce this and close the vulnerability gap, you need to force the users to change the password.
Force users to change password on next login:
passwd -f <user-name>
Once the password is changed, the updated hash in the /etc/shadow or /etc/passwd file will look something like :
piyush:$6$rounds=85000$JG2mong9$dh/SPT6z07CkWWNorukiJtFeM/dd.H8YmFrodChTpa2zIgajkTVgCfnAusmYMBakFXKCusNr8wF8Ugk8ewmv3.:15
The entire process of increasing rounds is known as "Key stretching" - which helps in making a weak password more secure to brute-force attacks, by increasing the time needed to test each key.
