Full Discussion: Password encryption
Post 302319242 by robsonde on Sunday 24th of May 2009 07:04:25 PM
Your encrypted password is not stored in the /etc/passwd file; it is stored in the /etc/shadow file.
In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community.


Almost all modern Linux / UNIX operating systems use the shadow password system where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow which is readable by the superuser only.


And the use of the word encrypted is misleading too.
The word encrypted makes you think that there is a de-crypt command of some kind.

The passwords are really “hashed”.

A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value. The data to be encoded is often called the "message", and the hash value is sometimes called the message digest or simply digest.
The ideal cryptographic hash function has four main properties:
• it is easy to compute the hash value for any given message,
• it is infeasible to find a message that has a given hash,
• it is infeasible to modify a message without changing its hash,
• it is infeasible to find two different messages with the same hash.

So if we want to get a password back from a hash we have to do it by guessing and testing.

Passwords can sometimes be guessed by humans with knowledge of the user's personal information.

Examples of guessable passwords include:
• blank (none)
• the words "password", "passcode", "admin" and their derivatives
• a row of letters from the qwerty keyboard (qwerty itself, asdf, or qwertyuiop)
• the user's name or login name
• the name of their significant other, a friend, relative or pet
• their birthplace or date of birth, or a friend's, or a relative's
• their automobile license plate number, or a friend's, or a relative's
• their office number, residence number or, most commonly, their mobile number
• a name of a celebrity they like
• a simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of the letters.
• a swear word

In a large password sample the above can “guess” as much as 60% of all passwords.

In most Unix systems the password hash is based on DES.
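
An added example, not part of the original post: it shows why no "de-crypt" step is needed at login (the candidate is re-hashed with the stored salt and compared) and how a password-change check can refuse the guessable categories listed above. PBKDF2-HMAC-SHA256 from Python's hashlib stands in for crypt(3); the function names, the "salt$digest" storage format and the word list are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Constructed word list covering the "password"/"admin"/keyboard-row items above.
COMMON = {"password", "passcode", "admin", "qwerty", "asdf", "qwertyuiop"}


def hash_password(password, salt=None, rounds=100_000):
    """Return 'salt$digest' in hex. The salt is stored in the clear, as the
    first two characters of a crypt(3) result are."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt.hex() + "$" + digest.hex()


def verify_password(candidate, stored):
    """Re-hash the candidate with the stored salt and compare the results.
    Nothing is ever decrypted."""
    salt_hex, _, _ = stored.partition("$")
    recomputed = hash_password(candidate, bytes.fromhex(salt_hex))
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(recomputed, stored)


def is_guessable(password, login, personal=()):
    """True if the password falls into one of the guessable categories:
    blank, a common word, the login name, a personal detail, or one of
    those with digits suffixed or the letters reversed."""
    pw = password.lower()
    if not pw:
        return True
    core = pw.rstrip("0123456789")  # undo a suffixed digit such as "1"
    words = COMMON | {login.lower()} | {p.lower() for p in personal}
    words.discard("")
    return any(c in words or c[::-1] in words for c in (pw, core))
```

Running `is_guessable` when a password is set rejects the weak choice before its hash is ever written to /etc/shadow.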
 

CRYPT(3)						     Library Functions Manual							  CRYPT(3)

NAME
       crypt, setkey, encrypt - DES encryption

SYNOPSIS
       char *crypt(key, salt)
       char *key, *salt;

       setkey(key)
       char *key;

       encrypt(block, edflag)
       char *block;

DESCRIPTION
       Crypt is the password encryption routine. It is based on the NBS Data Encryption Standard, with variations intended (among other things) to frustrate use of hardware implementations of the DES for key search.

       The first argument to crypt is normally a user's typed password. The second is a 2-character string chosen from the set [a-zA-Z0-9./]. The salt string is used to perturb the DES algorithm in one of 4096 different ways, after which the password is used as the key to encrypt repeatedly a constant string. The returned value points to the encrypted password, in the same alphabet as the salt. The first two characters are the salt itself.

       The other entries provide (rather primitive) access to the actual DES algorithm. The argument of setkey is a character array of length 64 containing only the characters with numerical value 0 and 1. If this string is divided into groups of 8, the low-order bit in each group is ignored, leading to a 56-bit key which is set into the machine.

       The argument to the encrypt entry is likewise a character array of length 64 containing 0's and 1's. The argument array is modified in place to a similar array representing the bits of the argument after having been subjected to the DES algorithm using the key set by setkey. The edflag flag is ignored; the argument can only be encrypted.

SEE ALSO
       passwd(1), passwd(5), login(1), getpass(3)

BUGS
       The return value points to static data whose content is overwritten by each call.

7th Edition                      August 12, 1986                      CRYPT(3)