When did UNIX start using encrypted passwords, and not displaying passwords when you type them in? Post: 302606040

Sponsored Content

Top Forums UNIX for Advanced & Expert Users When did UNIX start using encrypted passwords, and not displaying passwords when you type them in? Post 302606040 by Corona688 on Friday 9th of March 2012 11:35:51 AM

03-09-2012

Registered User

Research the crypt function for details on how UNIX password encryption worked historically, and the shadow system for when they moved that out of /etc/passwd completely.

UNIX as its now known never stored passwords in plaintext, that would be preposterous. /etc/passwd must be world-readable, they must be protected in some way. They didn't just encrypt the passwords, they encrypted them irretrievably. Not even the operating system can tell what the hashes are supposed to mean. Instead, when you login, it takes a hash of what you typed and compares the result to see if it's identical to the hash stored in /etc/passwd. If they match, you login.

There turned out to be vulnerabilities in letting everyone see all the hashes. If you happen to have the same password as someone else, you might notice the identical hash, something they fixed with a random salt which obscures the hashes from being checked quite so easily. Still, however, you can't go backwards from a hash, but you can check a thousand strings from a dictionary and all 256 of their salts to see if any of them become that same hash. They took measures to make crypt() too unwieldy to do that quickly, but advances in computing soon made it not unwieldy enough, and the password hashes were split out into a "shadow" file, which is only readable by root.

The old-fashioned UNIX crypt() algorithm is is mostly obsolete, now, but has been extended to allow other kinds of encryption in the same sort of stored hash.

As for echoing back to the screen, UNIX terminal control is also about as old as UNIX itself -- what else would they control them with back then? I suspect the ability to turn off echo predates UNIX, even.

Last edited by Corona688; 03-09-2012 at 12:43 PM..

Corona688

View Public Profile for Corona688

Visit Corona688's homepage!

Find all posts by Corona688

9 More Discussions You Might Find Interesting

1. Solaris

Urgent !!! - Script to Change passwords in unix

I have SunOs 5.8. I need to change password using a unix shell script. I have tried to pipe the passwords to the passwd command but does not work. Pls provide a script to change passwds of a list of users using a shell script. ( I have also tried crypt() but did not work) The flow of the...

2. UNIX for Dummies Questions & Answers

Unix passwords?

The local policy is set in our LAN so that passwords have to be 8 characters and contain a capital letter, a small letter and a special character. Is Unix able to restrict users passwords to certain lengths and characters.

3. UNIX for Advanced & Expert Users

About unix passwords.

How the unix is maintaining the password ? How it does the encryption and how the passwords are stored in the system and where it is stored ? How it is better when compared to other OS ?

4. Shell Programming and Scripting

Oracle Passwords in Unix scripts

Hi Most of the shell scripts I am dealing with have to connect to oracle database . The username password is stored in a environment file which sets the variables for username and password . Set user id do not work on AIX so users who will execute these scripts need to have read or execute...

5. Shell Programming and Scripting

Script to Check for Unix/Linux Passwords

We have almost 100+ Unix/Linux servers, on which I have account. Does anybody have a batch script which can do the following : - check if my password is correct - change my password We use SFTP/SSH on Linux. The solution should force reading of password from command line. ( Passwordless...

6. Cybersecurity

how to Hide Passwords From UNIX ps Command

Hi, By reporting the process status with ps, any Unix user will see the command line arguments #ps -ef UID PID PPID C STIME TTY TIME CMD lsc 13837 13825 0 May 11 pts/17 0:01 -ksh oracle 4698 6294 0 12:00:40 ? 0:00 sqlplus -s system/manager appluser 4229 4062 0 12:00:03...

7. Shell Programming and Scripting

SSH - Passing Unix login passwords through shell scripts

Hi All , I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B. The runscript_B.sh in calls another script runscript_A on server A itself. it seend, i need to be connect from Server A to Server B using ssh. I have tryed like this in...

8. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

9. Shell Programming and Scripting

How to change passwords for User accounts on multiple UNIX/Linux machines remotely?

Hello Experts, Need some direction on creating shell script for following environment: We have about 20 people in the team working as Oracle DBA's (sysdba's and appdba's). Total Servers which is a mix of Unix and Linux are 200. We do not have Root user access on any of the servers and...

LEARN ABOUT DEBIAN

tightvncpasswd

vncpasswd(1)							     TightVNC							      vncpasswd(1)

NAME

       vncpasswd - set passwords for VNC server

SYNOPSIS

       vncpasswd [file]
       vncpasswd -t
       vncpasswd -f

DESCRIPTION

       The  vncpasswd  utility should be used to create and change passwords for the TightVNC server authentication. Xvnc uses such passwords when
       started with the -rfbauth command-line option (or when started from the vncserver script).

       vncpasswd allows to enter either one or two passwords. The first password is the primary one, the second password can be used for view-only
       authentication. Xvnc will restrict mouse and keyboard input from clients who authenticated with the view-only password. The vncpasswd util-
       ity asks interactively if it should set the second password.

       The password file name defaults to $HOME/.vnc/passwd unless the -t command-line option was  used  (see  the  OPTIONS  section  below).  The
       $HOME/.vnc/ directory will be created if it does not exist.

       Each  password  has  to	be  longer than five characters (unless the -f command-line option was used, see its description below).  Only the
       first eight characters are significant. If the primary password is too short, the program will abort. If  the  view-only  password  is  too
       short, then only the primary password will be saved.

       Unless  a  file name was provided in the command-line explicitly, this utility may perform certain sanity checks to prevent writing a pass-
       word file into some hazardous place.

       If at least one password was saved successfully, vncpasswd will exit with status code 0. Otherwise the returned status code will be set	to
       1.

OPTIONS

       -t     Write  passwords	into  /tmp/$USER-vnc/passwd, creating the /tmp/$USER-vnc/ directory if it does not exist, and checking the permis-
	      sions on that directory (the mode must be 700). This option can help to improve security when your home partition may be shared  via
	      network (e.g. when using NFS).

       -f     Filter  mode. Read plain-text passwords from stdin, write encrypted versions to stdout. One or two passwords (full-control and view-
	      only) can be supplied in the input stream, newline terminates a password.  Note that in the filter mode, short or even  empty  pass-
	      words will be silently accepted.

SEE ALSO

       vncserver(1), Xvnc(1), vncviewer(1), vncconnect(1)

AUTHORS

       Original  VNC  was developed in AT&T Laboratories Cambridge. TightVNC additions were implemented by Constantin Kaplinsky. Many other people
       participated in development, testing and support.

       Man page authors:
       Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>,
       Tim Waugh <twaugh@redhat.com>,
       Constantin Kaplinsky <const@tightvnc.com>

								    August 2006 						      vncpasswd(1)