Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?
Top Forums UNIX for Advanced & Expert Users When did UNIX start using encrypted passwords, and not displaying passwords when you type them in? Post 302606040 by Corona688 on Friday 9th of March 2012 11:35:51 AM
Old 03-09-2012
Research the crypt function for details on how UNIX password encryption worked historically, and the shadow system for when they moved that out of /etc/passwd completely.

UNIX as its now known never stored passwords in plaintext, that would be preposterous. /etc/passwd must be world-readable, they must be protected in some way. They didn't just encrypt the passwords, they encrypted them irretrievably. Not even the operating system can tell what the hashes are supposed to mean. Instead, when you login, it takes a hash of what you typed and compares the result to see if it's identical to the hash stored in /etc/passwd. If they match, you login.

There turned out to be vulnerabilities in letting everyone see all the hashes. If you happen to have the same password as someone else, you might notice the identical hash, something they fixed with a random salt which obscures the hashes from being checked quite so easily. Still, however, you can't go backwards from a hash, but you can check a thousand strings from a dictionary and all 256 of their salts to see if any of them become that same hash. They took measures to make crypt() too unwieldy to do that quickly, but advances in computing soon made it not unwieldy enough, and the password hashes were split out into a "shadow" file, which is only readable by root.

The old-fashioned UNIX crypt() algorithm is is mostly obsolete, now, but has been extended to allow other kinds of encryption in the same sort of stored hash.

As for echoing back to the screen, UNIX terminal control is also about as old as UNIX itself -- what else would they control them with back then? I suspect the ability to turn off echo predates UNIX, even.
Last edited by Corona688; 03-09-2012 at 12:43 PM..
 

9 More Discussions You Might Find Interesting

1. Solaris

Urgent !!! - Script to Change passwords in unix

I have SunOs 5.8. I need to change password using a unix shell script. I have tried to pipe the passwords to the passwd command but does not work. Pls provide a script to change passwds of a list of users using a shell script. ( I have also tried crypt() but did not work) The flow of the... (2 Replies)
Discussion started by: tofani
2 Replies

2. UNIX for Dummies Questions & Answers

Unix passwords?

The local policy is set in our LAN so that passwords have to be 8 characters and contain a capital letter, a small letter and a special character. Is Unix able to restrict users passwords to certain lengths and characters. (1 Reply)
Discussion started by: wmosley2
1 Replies

3. UNIX for Advanced & Expert Users

About unix passwords.

How the unix is maintaining the password ? How it does the encryption and how the passwords are stored in the system and where it is stored ? How it is better when compared to other OS ? (1 Reply)
Discussion started by: nagalenoj
1 Replies

4. Shell Programming and Scripting

Oracle Passwords in Unix scripts

Hi Most of the shell scripts I am dealing with have to connect to oracle database . The username password is stored in a environment file which sets the variables for username and password . Set user id do not work on AIX so users who will execute these scripts need to have read or execute... (5 Replies)
Discussion started by: clifford
5 Replies

5. Shell Programming and Scripting

Script to Check for Unix/Linux Passwords

We have almost 100+ Unix/Linux servers, on which I have account. Does anybody have a batch script which can do the following : - check if my password is correct - change my password We use SFTP/SSH on Linux. The solution should force reading of password from command line. ( Passwordless... (1 Reply)
Discussion started by: lucknowm
1 Replies

6. Cybersecurity

how to Hide Passwords From UNIX ps Command

Hi, By reporting the process status with ps, any Unix user will see the command line arguments #ps -ef UID PID PPID C STIME TTY TIME CMD lsc 13837 13825 0 May 11 pts/17 0:01 -ksh oracle 4698 6294 0 12:00:40 ? 0:00 sqlplus -s system/manager appluser 4229 4062 0 12:00:03... (2 Replies)
Discussion started by: bhagirathi
2 Replies

7. Shell Programming and Scripting

SSH - Passing Unix login passwords through shell scripts

Hi All , I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B. The runscript_B.sh in calls another script runscript_A on server A itself. it seend, i need to be connect from Server A to Server B using ssh. I have tryed like this in... (3 Replies)
Discussion started by: koti_rama
3 Replies

8. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

9. Shell Programming and Scripting

How to change passwords for User accounts on multiple UNIX/Linux machines remotely?

Hello Experts, Need some direction on creating shell script for following environment: We have about 20 people in the team working as Oracle DBA's (sysdba's and appdba's). Total Servers which is a mix of Unix and Linux are 200. We do not have Root user access on any of the servers and... (3 Replies)
Discussion started by: sha2402
3 Replies

LEARN ABOUT HPUX

crypt_r

crypt(3C)																 crypt(3C)

NAME

       crypt  - generate hashing encryption

SYNOPSIS

   Obsolescent Interfaces
DESCRIPTION

   crypt():
       is  the	password encryption function.  It is based on a one way hashing encryption algorithm with variations intended (among other things)
       to frustrate use of hardware implementations of a key search.

       key is a user's typed password.	salt is a two-character string chosen from the set this string is used to perturb the hashing algorithm in
       one of 4096 different ways, after which the password is used as the key to encrypt repeatedly a constant string.  The returned value points
       to the encrypted password.  The first two characters are the salt itself.

   Obsolescent Interfaces
       generate hashing encryption.

WARNINGS

       The return value for points to data whose content is overwritten by each call.

       and are obsolescent interfaces  supported only for compatibility with existing DCE applications. New multithreaded applications should use

SEE ALSO

       crypt(1), login(1), passwd(1), getpass(3C), passwd(4), thread_safety(5).

STANDARDS CONFORMANCE

																	 crypt(3C)
All times are GMT -4. The time now is 08:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy