/etc/passwd

Matthias Benkmann matthias at winterdrache.de
Thu Jan 17 12:59:44 PST 2002


On 17 Jan 2002, at 11:27, Bruce Dubbs wrote:

> Matthias Benkmann wrote:
> > On 17 Jan 2002, at 10:47, Bruce Dubbs wrote:
> > 
> > 
> >>password?  If you were cracking passwords a lot, you could just generate
> >>all combinations up to a certain length on a large hard disk and do a
> >>binary search on the digest and get any of those PWs in less than a
> >>second.
> >>
> > 
> > To prevent this, a so-called salt is used. You do not only encrypt the

> This is true over the net with such programs as ssh in negotiating 
> session passwords, but is it also true with a console logon?  

man crypt gives

char *crypt(const char *key, const char *salt);


so the standard crypt() function uses a salt.

I don't see
> how the system would know what salt to apply--it would have to be saved
> someplace.

It's saved in /etc/passwd along with the encrypted password.

MSB

-- 
Why is TV called a medium?
Because it's neither rare nor well done.

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list