UNIX for Dummies Questions & Answers

In unix, i know the password encrypt by using salt
But how does it work? And how windows protect its password?
Thank you for helping in advance

I don't think that anybody on this forum will answer your question.
Both unix and (recent) Microsoft Windows password encription methods are secure and do not allow the encrypted password to be decrypted - even with knowledge of the salt.

Try searching for password cracker, you can run them against the /etc/shadow file.

Hmm. Irresponsible.

The weak point for Windows passwords is not how they're stored but how they're authenticated. An XP computer and a Vista computer drop down to the common Windows NT lanman hash.

I take it you prefer security through obscurity?

Your encrypted password is not stored in /etc/passwd file, It is stored in /etc/shadow file.
In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community.


Almost, all modern Linux / UNIX operating systems use the shadow password system where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow which is readable by the superuser only.


And the use of the word encrypted is misleading too.
The word encrypted makes you think that there is a de-crypt command of some kind.

The passwords are really “hashed”.

A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value. The data to be encoded is often called the "message", and the hash value is sometimes called the message digest or simply digest.
The ideal cryptographic hash function has four main properties:
• it is easy to compute the hash value for any given message,
• it is infeasible to find a message that has a given hash,
• it is infeasible to modify a message without changing its hash,
• it is infeasible to find two different messages with the same hash.

So if we want to get a password back from a hash we have to do it by guessing and testing.

Passwords can sometimes be guessed by humans with knowledge of the user's personal information.

Examples of guessable passwords include:
• blank (none)
• the words "password", "passcode", "admin" and their derivatives
• a row of letters from the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
• the user's name or login name
• the name of their significant other, a friend, relative or pet
• their birthplace or date of birth, or a friend's, or a relative's
• their automobile license plate number, or a friend's, or a relative's
• their office number, residence number or most commonly, their mobile number.
• a name of a celebrity they like
• a simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of the letters.
• a swear word

In a large password sample the above can “guess” as much as 60% of all password's

in most unix systems the password hash is based on DES.