
     _________________________________________________________________
   
                           Npasswd Documentation
     _________________________________________________________________
   
Introduction

   Npasswd is a replacement for the passwd command for UNIX. It subjects
   user passwords to stringent guessability checks to decrease the chance
   of users choosing vulnerable passwords. It addresses other
   deficiencies found of standard password change programs. Npasswd is
   designed to replace the programs passwd, chfn and chsh.
   
   Npasswd should work under most versions of UNIX and UNIX-like
   operating systems. It does not replicate every feature of every
   password program on every UNIX platform. If the installer chooses to
   replace the system programs with npasswd, they will be preserved and
   used to perform the functions that npasswd cannot do.
   
   Many UNIX platforms use shadow passwords, which makes it harder for a
   bad guy to obtain encrypted passwords. But there are still plenty of
   systems which have the encrypted passwords available for all the world
   to see.
   
   Having shadow passwords in and of itself greatly reduces vulnerability
   to password crackers. But that protection is a function of the UNIX
   file system. If you use unsecure NIS or a misconfigured NIS+, you can
   still give away your passwords.
   
   Combining intelligent password checking with a shadow database
   provides the best protection short of one-time use passwords or
   challenge/response smart card systems.
   
   Configuring npasswd requires some thought on the part of the
   administrator. It's not a "plug and play" process. There are
   configuration options to select, and there is policy in the code that
   may not meet your needs.
   ______________________________________________________________________
   
History

   In November of 1988 the infamous Morris worm escaped its playpen and
   went on a rampage across the Internet, bringing UNIX systems to their
   knees and causing widespread trouble. Among the Worm's attacks was a
   password guesser, which was fairly clever and unnervingly successful.
   
   Our systems (University of Texas Academic Computing Servies) escaped
   being ravaged by the Worm because our main mail gateway was not a VAX
   or SUN.
   
   Afterwards the Worm was dissected and papers released describing its
   anatomy. From these papers I replicated the password cracker, ran it
   against our password files and got plenty of hits. I rewrote the
   cracker into a primitive password checker that was posted to
   comp.sources.misc in 1989.
   
   The UNIX password encryption crypt(3) was considered good that the
   cyphertext could not be cracked, so it was safe to have the encrypted
   passwords visible to all.
   
   The Worm approached password cracking from a "human engineering"
   perspective. People are likely to choose passwords which are easy to
   remember - such as their login name or phone number. The Worm's
   password cracker encrypted various plaintext strings and compared them
   to the encrypted password. The plaintext came from user's passwd
   information and the UNIX spelling dictionary. This approach was fairly
   successful.
   
   Our UNIX vendors were shipping the primitive V7 passwd program which
   did no significant password checking. This lack of vendor support
   meant the only way to have more secure passwords was to replace it. I
   wrote npasswd around my "worm" password checker.
   
   By late 1989 npasswd had replaced /bin/passwd on all of our public
   UNIX systems. After a few sweeps with my password checker, some
   pointed email and other unfriendly actions, I and my colleagues
   breathed easier - at least for awhile.
   
   In 1991 (or so) Crack was released and the world changed. It did not
   attempt to reverse the password encryption, but used a brute force
   attack similar to that of the Worm. Anyone with a 386 box (the hot
   commodity system of the time), a C compiler and some patience could
   crack passwords at their leisure.
   
   I began to look into integrating Crack into npasswd. I found that
   npasswd needed serious updating - the UNIX environment was changing,
   and there had been plenty of porting problems.
   
   I had also learned a lot more about C programming, so I decided that
   npasswd needed an extensive rewrite. That work started in July of
   1993.
   ______________________________________________________________________
   
The future

   The rewrite was more complicated and taken over 5 years (off and on).
   All of the UNIX platforms which hosted the original npasswd have have
   been retired. There is new hardware (64-bit CPUs), new operating
   systems (Solaris 2, OSF/1), new user databases (NIS+) and security
   facilities.
   
   These facilities are sophisticated and capable, but too often have
   unstable and/or undocumented programming interfaces - as well as
   difficult bugs to work around. Manipulating these databases is much
   more complex than updating field 2 of /etc/passwd.
   
   Although some vendor password change utilities are better at
   disallowing easily guessed passwords, most still rely upon file system
   protections to keep the cyphertext away from prying eyes.
   
   Vendors could make the life of a system administrator more pleasant by
   allowing the system administrator to interpose a site-specific
   password check policy.
   
   The work of keeping up with new releases of UNIX systems and new
   features can take up a lot of time. I do not know if I will be able to
   continue this work.
   ______________________________________________________________________
   
Acknowledgments

   A lot of people have contributed their work to npasswd over the years.
   I've got a large collection of variants of npasswd 1 done by lots of
   folks. Many have provided good ideas and code that have been
   incorporated into version 2.0.
   
   Here are some of the more outstanding contributors that I can recall:
   
   Alec Muffet for providing me Crack modules ready to use and a copious
       collection of word lists.
       Paul Leyland of Oxford University, UK provided support for Ultrix
       enhanced security (which was the base for OSF/1 enhanced security
       support).
       Donnie Emeson for adding character class diversity requirements to
       the password lexical check code.
       Mike Stute for HP-UX support and some improvements to the
       dictionary lookup password checking.
       One of the most popular variants of npasswd was produced at NASA
       Jet Propulsion Laboratory in Pasadena, California. Two guys who
       did a lot of the JPL work were Dan Kegel, who added Crack password
       checking and Dave Hayes who added SunOS 4 adjunct password support
       (among other things).
       Tomasz Surmacz, Institute of Cybernetics, Technical Technical
       University of Wroclaw, Poland, contributed the password original
       history code.
       Charles Seeger, University of Florida CIS Department and Steve
       Swartz, University of Wisconsin for supplying code to include chfn
       and chsh functionality.
       
   There are many more who made suggestions and provided code that wasn't
   used, but whose comments were appreciated.
   ______________________________________________________________________
   
Bibliography

   Documents on the Internet Worm:
   
     * [1]With Microscope and Tweezers: An Analysis of the Internet Virus
       of November, 1988 Mark W. Eichin and Jon Rochlis, MIT.
     * [2]A Tour of the Worm, Donn Seeley, Department of Computer
       Science, University of Utah.
       
   Documents on password security:
   
     * [3]Foiling the cracker: A Survey of, and Improvements to, Password
       Security. Daniel V. Klein, Software Engineering Institute,
       Carniege Mellon University.
     * Password Security: A Case History. Robert Morris and Ken Thompson,
       AT&T Bell Laboratories 1978. Originally part of Volume 2A of the
       Seventh Edition UNIX Programmers Manual, dated January 1979 and
       included in the 4.3 BSD System Managers Manual.
   ______________________________________________________________________
   
   [4][LINK]Top    [5][LINK]Home
   ______________________________________________________________________
   
   Document id @(#) Main.html 1.8
   Version 1.8
   Last modified 07/20/98
   
   
    [6]Clyde Hoover
    [7]Academic Computing Services and Instructional Technology Services
    [8]The University of Texas at Austin
    [9]Copyright 1998, The University of Texas at Austin. All rights
    reserved.

References

   1. file://localhost/./Worm-MIT.ps
   2. file://localhost/./Worm-Utah.ps
   3. file://localhost/./PasswordSecurity.ps
   4. file://localhost/./Main.html#top
   5. file://localhost/./TOC_std.html
   6. mailto:c.hoover@cc.utexas.edu
   7. http://www.utexas.edu/cc
   8. http://www.utexas.edu/
   9. file://localhost/./Copyright.html
