UNIX Password Security - Ten Years Later

Passwords in the UNIX operating system are encrypted with the crypt algorithm and kept in the publicly-readable le /etc/passwd. This paper examines the vulnerability of UNIX to attacks on its password system. Over the past 10 years, improvements in hardware and software have increased the crypts/second/dollar ratio by ve orders of magnitude. We reexamine the UNIX password system in light of these advances and point out possible solutions to the problem of easily found passwords. The paper discusses how the authors built some high-speed tools for password cracking and what elements were necessary for their success. These elements are examined to determine if any of them can be removed from the hands of a possible system innltrator, and thus increase the security of the system. We conclude that the single most important step that can be taken to improve password security is to increase password entropy.