211
Securing Linux 6
Breaking Encrypted Passwords
There is a problem with people being able to see encrypted passwords, however. Although it may
be difficult (or even impossible) to reverse the encryption of a trapdoor algorithm, it is very easy to
encode a large number of password guesses and compare them to the encoded passwords in the
password file. This is, in order of magnitude, more efficient than trying actual login attempts for
each user name and password. If a cracker can get a copy of your password file, he or she has a
much better chance of breaking into your system.
Fortunately, Linux and all modern UNIX systems support a shadow password file by default. The
shadow file is a special version of the passwd file that only root can read. It contains the encrypted
password information, so passwords can be left out of the passwd file, which any user on the system
can read. Linux supports the older, single password file method as well as the newer shadow
password file. You should always use the shadow password file (it is used by default).
Checking for the Shadow Password File
The password file is named passwd and can be found in the /etc directory. The shadow password
file is named shadow and is also located in /etc. If your /etc/shadow file is missing, it is likely
that your Linux system is storing the password information in the /etc/passwd file instead.
Pages:
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464