
	shadow password file


	Home > Security Definitions - Shadow password file

SearchSecurity.com Definitions (Powered by WhatIs.com)

EMAIL THIS

LOOK UP TECH TERMS		Powered by:

Browse tech terms alphabetically:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

shadow password file

Digg This!

StumbleUpon

Del.icio.us

- In the Linux operating system, a shadow password file is a system file in which encryption user password are stored so that they aren't available to people who try to break into the system. Ordinarily, user information, including passwords, is kept in a system file called /etc/passwd. The password for each user is stored in an encrypted form (some would call it an encoded form since it isn't really encrypted by the usual algorithm) that is created and used as follows:

The original password is encrypted (or encoded) by using a randomly-generated value or encryption key between 1 and 4096 and a one-way hashing function to arrive at the encoded password that is actually stored. Note that the stored result is not something that you can enter as a password itself.
The key (referred to as the salt) is stored with the encoded password. Note the key itself can't be used to decode the encrypted/encoded password because the encoding is one-way. You can't decode the result back into the original password by using the key.
When someone enters a password, their password is then rehashed with the salt value and compared with the encoded password value. If they match, the user is given access to the system.

In spite of encoding the password with a randomly-generated one-way hash function, a cracker could still break the system if they got access to the /etc/passwd file. Using an approach known as the dictionary attack, a cracker could methodically test each encoded password in the file against their dictionary of commonly-used passwords, each encoded 4096 different ways (to cover all the hash possibilities). Assuming that the system was lax in its password creation requirements and some user used one of the many commonly-used passwords, at least one password could be discovered. In Linux, this possibility can be foreclosed by simply moving the passwords in the /etc/passwd file to another file, usually named /etc/shadow and making this file readable only by those who have access to the system root directory. Using a shadow password file requires that the Linux system installer also install the optional Shadow Suite, which, like Linux, is open source software and available from a number of sites on the Web.

LAST UPDATED:

04 Jun 2007

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Former LendingTree employees pilfer firm's customer database The online mortgage lending exchange site said several of its former employees shared their passwords with unapproved lenders to access customer...
	Hitachi acquires M-Tech Systems for identity management M-Tech will become Hitachi ID Systems under the deal. The M-Tech acquisition is part of a broader trend of companies aggressively acquiring IAM...
	Worst practices: Exposing IAM blunders Joel Dubin exposes the most common IAM blunders, and enlightens information security professionals on how to prevent these mistakes.

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

graphical password (SearchSecurity.com)

identity chaos (SearchSecurity.com)

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy