Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?
Top Forums UNIX for Advanced & Expert Users When did UNIX start using encrypted passwords, and not displaying passwords when you type them in? Post 302606040 by Corona688 on Friday 9th of March 2012 11:35:51 AM
Old 03-09-2012
Research the crypt function for details on how UNIX password encryption worked historically, and the shadow system for when they moved that out of /etc/passwd completely.

UNIX as its now known never stored passwords in plaintext, that would be preposterous. /etc/passwd must be world-readable, they must be protected in some way. They didn't just encrypt the passwords, they encrypted them irretrievably. Not even the operating system can tell what the hashes are supposed to mean. Instead, when you login, it takes a hash of what you typed and compares the result to see if it's identical to the hash stored in /etc/passwd. If they match, you login.

There turned out to be vulnerabilities in letting everyone see all the hashes. If you happen to have the same password as someone else, you might notice the identical hash, something they fixed with a random salt which obscures the hashes from being checked quite so easily. Still, however, you can't go backwards from a hash, but you can check a thousand strings from a dictionary and all 256 of their salts to see if any of them become that same hash. They took measures to make crypt() too unwieldy to do that quickly, but advances in computing soon made it not unwieldy enough, and the password hashes were split out into a "shadow" file, which is only readable by root.

The old-fashioned UNIX crypt() algorithm is is mostly obsolete, now, but has been extended to allow other kinds of encryption in the same sort of stored hash.

As for echoing back to the screen, UNIX terminal control is also about as old as UNIX itself -- what else would they control them with back then? I suspect the ability to turn off echo predates UNIX, even.
Last edited by Corona688; 03-09-2012 at 12:43 PM..
 

9 More Discussions You Might Find Interesting

1. Solaris

Urgent !!! - Script to Change passwords in unix

I have SunOs 5.8. I need to change password using a unix shell script. I have tried to pipe the passwords to the passwd command but does not work. Pls provide a script to change passwds of a list of users using a shell script. ( I have also tried crypt() but did not work) The flow of the... (2 Replies)
Discussion started by: tofani
2 Replies

2. UNIX for Dummies Questions & Answers

Unix passwords?

The local policy is set in our LAN so that passwords have to be 8 characters and contain a capital letter, a small letter and a special character. Is Unix able to restrict users passwords to certain lengths and characters. (1 Reply)
Discussion started by: wmosley2
1 Replies

3. UNIX for Advanced & Expert Users

About unix passwords.

How the unix is maintaining the password ? How it does the encryption and how the passwords are stored in the system and where it is stored ? How it is better when compared to other OS ? (1 Reply)
Discussion started by: nagalenoj
1 Replies

4. Shell Programming and Scripting

Oracle Passwords in Unix scripts

Hi Most of the shell scripts I am dealing with have to connect to oracle database . The username password is stored in a environment file which sets the variables for username and password . Set user id do not work on AIX so users who will execute these scripts need to have read or execute... (5 Replies)
Discussion started by: clifford
5 Replies

5. Shell Programming and Scripting

Script to Check for Unix/Linux Passwords

We have almost 100+ Unix/Linux servers, on which I have account. Does anybody have a batch script which can do the following : - check if my password is correct - change my password We use SFTP/SSH on Linux. The solution should force reading of password from command line. ( Passwordless... (1 Reply)
Discussion started by: lucknowm
1 Replies

6. Cybersecurity

how to Hide Passwords From UNIX ps Command

Hi, By reporting the process status with ps, any Unix user will see the command line arguments #ps -ef UID PID PPID C STIME TTY TIME CMD lsc 13837 13825 0 May 11 pts/17 0:01 -ksh oracle 4698 6294 0 12:00:40 ? 0:00 sqlplus -s system/manager appluser 4229 4062 0 12:00:03... (2 Replies)
Discussion started by: bhagirathi
2 Replies

7. Shell Programming and Scripting

SSH - Passing Unix login passwords through shell scripts

Hi All , I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B. The runscript_B.sh in calls another script runscript_A on server A itself. it seend, i need to be connect from Server A to Server B using ssh. I have tryed like this in... (3 Replies)
Discussion started by: koti_rama
3 Replies

8. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

9. Shell Programming and Scripting

How to change passwords for User accounts on multiple UNIX/Linux machines remotely?

Hello Experts, Need some direction on creating shell script for following environment: We have about 20 people in the team working as Oracle DBA's (sysdba's and appdba's). Total Servers which is a mix of Unix and Linux are 200. We do not have Root user access on any of the servers and... (3 Replies)
Discussion started by: sha2402
3 Replies

LEARN ABOUT SUSE

chpasswd

chpasswd(8)						      System Manager's Manual						       chpasswd(8)

NAME

       chpasswd - change user passwords in batch

SYNOPSIS

       chpasswd [-D binddn] [-P path] [-c des|md5|blowfish | -e] [file]

DESCRIPTION

       chpasswd  changes  passwords for user accounts in batch. It reads a list of login and password pairs from standard input or a file and uses
       this information to update the passwords of this user accounts. The named account must exist and the password age  will	be  updated.  Each
       input line is of the format:

		 user_name:password

       If  the	hash algorithmus is not given on the commandline, the value of GROUP_CRYPT or, if not specified, CRYPT from /etc/default/passwd is
       used as hash algorithmus.  If not configured, the traditinal des algorithmus is used.

OPTIONS

       -c des|md5|blowfish
	      This option specifies the hash algorithmus, which should be used to encrypt the passwords.

       -e     The passwords are expected to be in encrypted form. Normally the passwords are expected to be cleartext.

       -D, --binddn binddn
	      Use the Distinguished Name binddn to bind to the LDAP directory.	The user will be prompted for a password  for  simple  authentica-
	      tion.

       -P, --path path
	      The  passwd  and	shadow	files  are  located  below the specified directory path. chpasswd will use this files, not /etc/passwd and
	      /etc/shadow.

FILES

       /etc/default/passwd - default values for password hash

SEE ALSO

       passwd(1), passwd(5), shadow(5)

AUTHOR

       Thorsten Kukuk <kukuk@suse.de>

pwdutils							   Feburary 2004						       chpasswd(8)
All times are GMT -4. The time now is 08:04 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy