==Unix/Linux Password File==

Unix and its various clones have traditionally used the /etc/passwd file to store user account information, including passwords. Because /etc/passwd needs to be world-readable in order for utilities such as `ls` and `finger` to work, modern Unix operating systems store the password hashes in a separate 'shadow' file named /etc/shadow, which is readable only by root.

{| class="wikitable" border="1"
|-
!Username
|The user's login name
|-
!Password
|Older Unixes store the password crypt here; more modern ones use an 'x' character to denote that a shadow file is in use.
|-
!UID
|The numeric user ID of the user
|-
!GID
|The primary numeric group ID of the user
|-
!GECOS Field
|A free-text field which may contain information about the user such as full name and contact details
|-
!Home directory
|The user's home directory
|-
!Shell
|The user's login shell
|}

<pre>
user1:x:600:600:User 1:/home/user1:/bin/bash
user2:x:601:601:User 2:/home/user2:/bin/bash
admin:x:602:602:Admin Account:/home/admin:/bin/bash
apache:x:603:603:Apache HTTP User:/var/www:/bin/bash
someguy:x:604:604:Someguy:/home/someguy:/bin/bash
</pre>

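The following is an added example, not code from the original page: it parses lines in the seven-field format shown above and runs the audit checks a defender usually wants over such a file (empty password field, a hash left in the world-readable file instead of an 'x', the 13-character shape of a classic DES crypt, and extra UID 0 accounts). The sample lines, the `PasswdEntry` class and the function names are constructed for this example.

```python
"""Parse /etc/passwd-style lines and flag entries that deserve a closer look.

Added example (not from the original wiki page). The sample text below is
constructed: it repeats two of the page's entries and adds cases that the
audit checks are meant to catch.
"""
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
user1:x:600:600:User 1:/home/user1:/bin/bash
apache:x:603:603:Apache HTTP User:/var/www:/bin/bash
legacy:S84xRArsM.gtk:604:604:Hash left in passwd:/home/legacy:/bin/bash
nopass::605:605:Empty password field:/home/nopass:/bin/bash
uid0dup:x:0:0:Second UID 0 account:/home/uid0dup:/bin/bash
# a comment or junk line, not an entry
"""


@dataclass
class PasswdEntry:
    username: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd_line(line: str) -> Optional[PasswdEntry]:
    """Split one colon-separated line into the seven passwd fields.

    Returns None for blank or comment lines and for lines that do not have
    exactly seven fields or numeric UID/GID, so a malformed file does not
    silently produce wrong entries.
    """
    line = line.rstrip("\n")
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) != 7:
        return None
    try:
        uid, gid = int(fields[2]), int(fields[3])
    except ValueError:
        return None
    return PasswdEntry(fields[0], fields[1], uid, gid, fields[4], fields[5], fields[6])


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse a whole file's worth of text, dropping unparseable lines."""
    return [e for e in (parse_passwd_line(l) for l in text.splitlines()) if e]


def audit_entries(entries: List[PasswdEntry]) -> List[str]:
    """Return human-readable findings for a few defensive checks:
    - empty password field (no password is required to log in)
    - a hash stored directly in passwd rather than 'x' (shadow file not
      used, so the world-readable file exposes the crypt)
    - a 13-character value, the shape of a classic DES crypt
      (2-character salt followed by 11 characters of hash)
    - UID 0 accounts other than root
    Locked markers such as '*' and '!' are not reported as exposed hashes.
    """
    findings = []
    for e in entries:
        if e.password == "":
            findings.append(f"{e.username}: empty password field")
        elif e.password != "x" and not e.password.startswith(("*", "!")):
            findings.append(f"{e.username}: password hash stored in passwd, not shadowed")
            if len(e.password) == 13:
                findings.append(f"{e.username}: looks like legacy DES crypt (salt {e.password[:2]!r})")
        if e.uid == 0 and e.username != "root":
            findings.append(f"{e.username}: UID 0 but not root")
    return findings


if __name__ == "__main__":
    for finding in audit_entries(parse_passwd(SAMPLE_PASSWD)):
        print(finding)
```

Run against a real file with `audit_entries(parse_passwd(open("/etc/passwd").read()))`; on a correctly shadowed system the only expected output is nothing at all.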

The password is stored as a one-way hash (the 'crypt') rather than in the clear. When a user attempts to authenticate, the supplied password is hashed with the same algorithm and compared to the stored crypt.

===Unix Crypt===
The most commonly used password hashing scheme in Unix for many years was crypt(). The Unix crypt command can be used to generate the crypt value for a given string.

<pre>
jim@localhost ~
$ crypt hello
S84xRArsM.gtk
</pre>

In modern computing Unix crypt is severely limited. Passwords are effectively limited to 8 characters: any characters beyond the eighth are ignored, so two passwords that share their first 8 characters produce the same crypt. This puts brute-force attacks on Unix crypts well within the realms of possibility.

<pre>
jim@localhost ~
$ crypt xx hellohel
xxiHMKqoMTDuc

jim@localhost ~
$ crypt xx hellohello
xxiHMKqoMTDuc
</pre>

===Salts===
Unix passwords usually use what is known as a salt to make pre-computation of password hashes more difficult. A salt is a string which is prepended to the password before it is encrypted, and it is stored along with the password crypt in /etc/passwd. You cannot simply pre-compute crypt() values for a list of dictionary words; you would need to pre-compute the hash for each word combined with every possible salt to produce a rainbow table of Unix password hashes. The result is a number of different hashes for any given password.

If we use the Unix crypt command to encrypt a password and do not specify a salt, then a random salt value is chosen.

<pre>
jim@localhost ~
$ crypt hello
YnxINyIeMlKCM

jim@localhost ~
$ crypt hello
v3njh4QHNjoWk
</pre>

The first two characters of the resulting hash are the salt and must be used when subsequently comparing a supplied password with the stored crypt.

<pre>
jim@localhost ~
$ crypt v3 hello
v3njh4QHNjoWk
</pre>

Salts can be of any length.

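The salt handling described in this section, as an added example that is not part of the original page. DES crypt itself is not implemented here: `toy_crypt` is a constructed stand-in (SHA-256 over salt + password) that keeps the two conventions the page describes, namely that the two-character salt is both prepended to the password and stored as the first two characters of the output, and that only the first 8 characters of the password count, so the truncation shown in the crypt section is reproduced. `verify` performs the comparison step from the `crypt v3 hello` example, and `precompute_cost` gives the number of hashes a rainbow table needs with and without salts. All function names are assumptions made for this example.

```python
"""Salt handling for crypt-style password storage (added example).

`toy_crypt` is a stand-in for crypt(3), not the real DES algorithm; it is
used only to show how the salt is chosen, stored and reused at check time.
"""
import hashlib
import hmac
import secrets
import string
from typing import Dict, Optional

SALT_ALPHABET = string.ascii_letters + string.digits + "./"  # 64 characters
SALT_LEN = 2                                                  # classic crypt salt
MAX_PASSWORD_LEN = 8                                          # classic crypt limit


def toy_crypt(password: str, salt: Optional[str] = None) -> str:
    """Return salt + 11 hash characters, the 13-character shape of crypt(3).

    If no salt is given a random one is drawn, matching the behaviour of the
    crypt command when called without a salt argument.
    """
    if salt is None:
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_LEN))
    if len(salt) != SALT_LEN or any(c not in SALT_ALPHABET for c in salt):
        raise ValueError("salt must be two characters from [a-zA-Z0-9./]")
    effective = password[:MAX_PASSWORD_LEN]  # trailing characters are ignored
    digest = hashlib.sha256((salt + effective).encode()).hexdigest()[:11]
    return salt + digest


def verify(stored: str, candidate: str) -> bool:
    """Re-run the hash with the salt read from the stored value, then compare
    in constant time so that the comparison itself leaks nothing."""
    salt = stored[:SALT_LEN]
    return hmac.compare_digest(toy_crypt(candidate, salt), stored)


def precompute_cost(dictionary_size: int) -> Dict[str, int]:
    """Number of hashes needed to precompute every word in a dictionary:
    once per word without a salt, once per word per possible salt with one."""
    salt_space = len(SALT_ALPHABET) ** SALT_LEN  # 64 ** 2 = 4096
    return {"unsalted": dictionary_size, "salted": dictionary_size * salt_space}


if __name__ == "__main__":
    first, second = toy_crypt("hello"), toy_crypt("hello")
    print("same password, random salts:", first, second)
    print("check with stored salt:", verify(first, "hello"))
    print("8-char truncation:", toy_crypt("hellohel", "xx") == toy_crypt("hellohello", "xx"))
    print("rainbow table cost for 100k words:", precompute_cost(100_000))
```

The check never takes a salt from the caller; it always reads the first two characters of the stored value, which is exactly the rule the page states. The truncation line shows why the 8-character limit matters for defenders: a password policy that asks for 12 characters buys nothing on a system still using classic crypt.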
===MD5/SHA1===

NIS