Bennington College
r1.11 - 24 Mar 2006 - 18:41 - ForrestEngland

Security Team

Security under Mac OS X

shadow passwords

  • passwords: Tiger uses shadow passwords, encoded with a salted SHA1 one-way hash function
  • stored in the NetInfo database (/private/var/db/shadow/hash/*)
  • (Debian GNU/Linux stores MD5-encoded shadow passwords in /etc/shadow)

They are called one-way encoded because, once encoded, they can't be decoded. When you enter your password, it is put through the hash algorithm and the result is compared to the hash stored on disk.

password attacks

If someone gets their hands on your hashes (which they can't do unless they get root access somehow), they can try to figure out your password using a brute force method (trying every possible combination of letters, numbers, and symbols for a given number of characters, encoding them, and comparing them to the hash), or a dictionary method (encoding huge word lists and comparing the hashes to yours). This takes forever, especially the brute force method. These passwords are pretty secure. The best way to ensure security is choosing a good password. Mac OS X has a cool little utility to help you choose a good password, built into the users and groups system preference.
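The login check described under "shadow passwords" and the dictionary comparison described above, turned into a self-audit of stored hashes, as an added example that is not part of the original page. The record layout (a 4-byte salt followed by the SHA1 digest, hex-encoded) and all function names are assumptions made for illustration, and the word list is constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional, Tuple

SALT_LEN = 4  # assumption for this example: 4-byte salt stored before the digest
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Return hex(salt || SHA1(salt || password)); a fresh random salt by default."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return (salt + digest).hex().upper()


def parse_record(record: str) -> Tuple[bytes, bytes]:
    """Split a stored record into (salt, digest), rejecting malformed input."""
    raw = bytes.fromhex(record)
    if len(raw) != SALT_LEN + DIGEST_LEN:
        raise ValueError("unexpected record length")
    return raw[:SALT_LEN], raw[SALT_LEN:]


def verify(password: str, record: str) -> bool:
    """Login check: re-hash the entered password with the stored salt and compare."""
    salt, stored = parse_record(record)
    candidate = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def audit_weak(record: str, wordlist: Iterable[str]) -> Optional[str]:
    """Audit: return the word if the record matches a known-weak password."""
    for word in wordlist:
        if verify(word, record):
            return word
    return None


if __name__ == "__main__":
    weak_words = ["letmein", "password", "123456"]  # constructed sample list
    a = make_record("password")
    b = make_record("password")
    # Same password, different salts: the stored records do not match each other,
    # so one precomputed table cannot cover every account.
    print(a != b, audit_weak(a, weak_words), audit_weak(make_record("x7#Lq9!vT"), weak_words))
```

The salt only stops one precomputed table from covering every account; a password that appears in a word list is still found immediately, which is why the choice of password matters more than the hash.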

Tools like john-the-ripper are used in these attacks. John cracked my password in about 9 hours, so I changed it. It cracked cs0's password in less than a second. You need the patch below to get it to try to crack salted SHA1 passwords.

Why would someone want to get your password if they have root access somehow? So they can log in as you and you won't know it, because your password hasn't changed.

physical access

If they have physical access, becoming root on a Mac is ridiculously simple: just hold down command-s while it starts up. There are some ways of keeping people from getting into single user mode without a password.

shell codes

A shellcode is some machine code stored in a C string which an attacker uses to take advantage of software vulnerabilities such as buffer overruns, smash the stack, and execute a shell with root privileges.

links
Mac hacking contests Joe was referring to