Solaris Password Security
Posted on December 13, 2006
Every so often you learn something that your surprised you didn’t already know. My ego says to hide that fact but my pragmatic side says I should help make sure others aren’t naive as well. In this case I refer to Solaris password security and namely the default crypt_unix(5) algorithm.
If you look at /etc/shadow on a Solaris system by default you’ll see lines like this:
In this line “mxqZuc0PXJ/gw” is quickly recognized as a traditional salted crypt password. You probly know that this is the default out-of-the-box password format for Solaris, but you might not know that these passwords are limited to 8 characters in length. And even if you do realize this, you might have wrongly assumed, as I did, that the password “123456789” wouldn’t be the same as password “12345678”… but in fact they are. If you have a stock Solaris system and you use a password greater than 8 chars try logging in with only the first 8 chars of the password and be amazed when it works. If I’d stopped to read the unix_crypt(5) man page I would have noticed:
Only the first eight characters of the key passed to crypt() are used with this algorithm; the rest are silently ignored.
So how do you fix this? Quite simply actually. Solaris provides 4 different password schemes which are defined in /etc/security/policy.conf. The lines of interest are the following:
CRYPT_ALGORITHMS_ALLOW=1,2a,md5 #CRYPT_ALGORITHMS_DEPRECATE=__unix__ CRYPT_DEFAULT=__unix__
The algorithms seen above, with the exception of “__unix__” which is the dreaded crypt_unix, are noted in /etc/security/crypt.conf and are:
- 1 (crypt_bsdmd5.so): One-way password hashing module for use with crypt(3C) that uses the MD5 message hash algorithm. The output is compatible with md5crypt on BSD and Linux systems. Password Limit: 255 chars
- 2a (crypt_bsdbf.so): One-way password hashing module for use with crypt(3C) that uses the Blowfish cryptographic algorithm. Password Limit: 255 chars
- md5 (crypt_sunmd5.so): One-way password hashing module for use with crypt(3C) that uses the MD5 message hash algorithm. This module is designed to make it difficult to crack passwords that use brute force attacks based on high speed MD5 implementations that use code inlining, unrolled loops, and table lookup. Password Limit: 255 chars
To migrate to a better password scheme simply edit 2 lines in /etc/security/policy.conf: uncomment CRYPT_ALGORITHMS_DEPRECATE and change CRYPT_DEFAULT, like so:
You’ll now need to change your password using passwd. Even with crypt_unix deprecated these passwords will still be accepted. You can tell which format a password uses in /etc/shadow by the $type$ that proceeds the password, for instance:
- moqZuc0PXJ/gw: Traditional UNIX password
- $1$AR11mcp5$5wP5t99.kiHBiJ3qrg9jW1: Linux/BSD Compatible MD5
- $2a$04$Q4m1iCDQWCl9l6h6yDFcC.agmbB21YXJxhrB1bmfnVOcrZwBBZUsm: Blowfish password
- $md5$3UqYqndY$$6P.aaWOoucxxq.l00SS9k0: Sun MD5 password
I should note that I did notice that unless an algorithm is depreciated password changes will continue to use the existing password format. That is, if you make the default format Sun MD5, create a user and set his password, then change the default, changing the password will continue to use the existing Sun MD5 format. The point being, if your migrating all users from one format to another, make sure you deprecate the format you don’t want to use anymore to get the desired effect.