shadow password file
|
|
 Show me everything on Password Management and Policy
 - In the Linux operating system, a shadow password file is a system file in which encryption user password are stored so that they aren't available to people who try to break into the system. Ordinarily, user information, including passwords, is kept in a system file called /etc/passwd. The password for each user is stored in an encrypted form (some would call it an encoded form since it isn't really encrypted by the usual algorithm) that is created and used as follows:- The original password is encrypted (or encoded) by using a randomly-generated value or encryption key between 1 and 4096 and a one-way hashing function to arrive at the encoded password that is actually stored. Note that the stored result is not something that you can enter as a password itself.
- The key (referred to as the salt) is stored with the encoded password. Note the key itself can't be used to decode the encrypted/encoded password because the encoding is one-way. You can't decode the result back into the original password by using the key.
- When someone enters a password, their password is then rehashed with the salt value and compared with the encoded password value. If they match, the user is given access to the system.
In spite of encoding the password with a randomly-generated one-way hash function, a cracker could still break the system if they got access to the /etc/passwd file. Using an approach known as the dictionary attack, a cracker could methodically test each encoded password in the file against their dictionary of commonly-used passwords, each encoded 4096 different ways (to cover all the hash possibilities). Assuming that the system was lax in its password creation requirements and some user used one of the many commonly-used passwords, at least one password could be discovered. In Linux, this possibility can be foreclosed by simply moving the passwords in the /etc/passwd file to another file, usually named /etc/shadow and making this file readable only by those who have access to the system root directory. Using a shadow password file requires that the Linux system installer also install the optional Shadow Suite, which, like Linux, is open source software and available from a number of sites on the Web.
 |
Learn more about Password Management and Policy |
  |
Identity and Access Management Services, Systems and Technologies: This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan. |
 |
Using IAM, password and provisioning management tools for compliance: In this new lesson, expert Tom Bowers will teach you how provisioning and password management can reduce help desk calls, ease compliance woes and save corporate cash. |
| Endpoint security protection: Policies for endpoint control: Guest instructor Ben Rothke, provides tactics for endpoint security, policies for controlling endpoints and insight as to where endpoint security technology is headed. |
| How to break into a computer that is right at your fingertips: Stressing the importance of physical security, Joel Dubin explains how a hacker can bypass a BIOS password and break into a computer. |
| Spy vs. Spy: Excerpt from Chapter 6 of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day. |
| SAP Security Learning Guide: This guide pulls SAP security information from both SearchSecurity.com and its sister site, SearchSAP.com, to provide the most comprehensive resource around for all aspects of making your SAP system ... |
| LAST UPDATED: |
04 Jun 2007
|
|
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
|
More resources from around the web:
|
|
|
|
|
