Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?
Top Forums UNIX for Advanced & Expert Users When did UNIX start using encrypted passwords, and not displaying passwords when you type them in? Post 302606040 by Corona688 on Friday 9th of March 2012 11:35:51 AM
Old 03-09-2012
Research the crypt function for details on how UNIX password encryption worked historically, and the shadow system for when they moved that out of /etc/passwd completely.

UNIX as its now known never stored passwords in plaintext, that would be preposterous. /etc/passwd must be world-readable, they must be protected in some way. They didn't just encrypt the passwords, they encrypted them irretrievably. Not even the operating system can tell what the hashes are supposed to mean. Instead, when you login, it takes a hash of what you typed and compares the result to see if it's identical to the hash stored in /etc/passwd. If they match, you login.

There turned out to be vulnerabilities in letting everyone see all the hashes. If you happen to have the same password as someone else, you might notice the identical hash, something they fixed with a random salt which obscures the hashes from being checked quite so easily. Still, however, you can't go backwards from a hash, but you can check a thousand strings from a dictionary and all 256 of their salts to see if any of them become that same hash. They took measures to make crypt() too unwieldy to do that quickly, but advances in computing soon made it not unwieldy enough, and the password hashes were split out into a "shadow" file, which is only readable by root.

The old-fashioned UNIX crypt() algorithm is is mostly obsolete, now, but has been extended to allow other kinds of encryption in the same sort of stored hash.

As for echoing back to the screen, UNIX terminal control is also about as old as UNIX itself -- what else would they control them with back then? I suspect the ability to turn off echo predates UNIX, even.
Last edited by Corona688; 03-09-2012 at 12:43 PM..
 

9 More Discussions You Might Find Interesting

1. Solaris

Urgent !!! - Script to Change passwords in unix

I have SunOs 5.8. I need to change password using a unix shell script. I have tried to pipe the passwords to the passwd command but does not work. Pls provide a script to change passwds of a list of users using a shell script. ( I have also tried crypt() but did not work) The flow of the... (2 Replies)
Discussion started by: tofani
2 Replies

2. UNIX for Dummies Questions & Answers

Unix passwords?

The local policy is set in our LAN so that passwords have to be 8 characters and contain a capital letter, a small letter and a special character. Is Unix able to restrict users passwords to certain lengths and characters. (1 Reply)
Discussion started by: wmosley2
1 Replies

3. UNIX for Advanced & Expert Users

About unix passwords.

How the unix is maintaining the password ? How it does the encryption and how the passwords are stored in the system and where it is stored ? How it is better when compared to other OS ? (1 Reply)
Discussion started by: nagalenoj
1 Replies

4. Shell Programming and Scripting

Oracle Passwords in Unix scripts

Hi Most of the shell scripts I am dealing with have to connect to oracle database . The username password is stored in a environment file which sets the variables for username and password . Set user id do not work on AIX so users who will execute these scripts need to have read or execute... (5 Replies)
Discussion started by: clifford
5 Replies

5. Shell Programming and Scripting

Script to Check for Unix/Linux Passwords

We have almost 100+ Unix/Linux servers, on which I have account. Does anybody have a batch script which can do the following : - check if my password is correct - change my password We use SFTP/SSH on Linux. The solution should force reading of password from command line. ( Passwordless... (1 Reply)
Discussion started by: lucknowm
1 Replies

6. Cybersecurity

how to Hide Passwords From UNIX ps Command

Hi, By reporting the process status with ps, any Unix user will see the command line arguments #ps -ef UID PID PPID C STIME TTY TIME CMD lsc 13837 13825 0 May 11 pts/17 0:01 -ksh oracle 4698 6294 0 12:00:40 ? 0:00 sqlplus -s system/manager appluser 4229 4062 0 12:00:03... (2 Replies)
Discussion started by: bhagirathi
2 Replies

7. Shell Programming and Scripting

SSH - Passing Unix login passwords through shell scripts

Hi All , I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B. The runscript_B.sh in calls another script runscript_A on server A itself. it seend, i need to be connect from Server A to Server B using ssh. I have tryed like this in... (3 Replies)
Discussion started by: koti_rama
3 Replies

8. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

9. Shell Programming and Scripting

How to change passwords for User accounts on multiple UNIX/Linux machines remotely?

Hello Experts, Need some direction on creating shell script for following environment: We have about 20 people in the team working as Oracle DBA's (sysdba's and appdba's). Total Servers which is a mix of Unix and Linux are 200. We do not have Root user access on any of the servers and... (3 Replies)
Discussion started by: sha2402
3 Replies

LEARN ABOUT SUSE

lppasswd

lppasswd(1)							    Apple Inc.							       lppasswd(1)

NAME

       lppasswd - add, change, or delete digest passwords.

SYNOPSIS

       lppasswd [ username ]
       lppasswd -a [ -g groupname ] username
       lppasswd -x username

DESCRIPTION

       lppasswd  adds, changes, or deletes passwords in the CUPS digest password file, passwd.md5. When run by a normal user, lppasswd will prompt
       for the old and new passwords.  When run by the super-user, lppasswd can add new accounts (-a username), change	existing  accounts  (user-
       name), or delete accounts (-x username) in the digest password file. Digest usernames do not have to match local UNIX usernames.

OPTIONS

       lppasswd supports the following options:

       -g groupname
	    Specifies a group other than the default system group.

SECURITY ISSUES

       By  default,  the lppasswd program is not installed to allow ordinary users to change their passwords. To enable this, the lppasswd command
       must be made setuid to root with the command:
       chmod u+s lppasswd

       While every attempt has been made to make lppasswd secure against exploits that could grant super-user privileges  to  unprivileged  users,
       paranoid system administrators may wish to use Basic authentication with accounts managed by PAM instead.

SEE ALSO

       lp(1), lpr(1),
       http://localhost:631/help

COPYRIGHT

       Copyright 2007-2009 by Apple Inc.

22 February 2008						       CUPS							       lppasswd(1)
All times are GMT -4. The time now is 08:47 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy