I'm doing a project on password auditing and need to know whether all users can view etc files.
Mmmm, I don't quite understand the question.
All users have read permissions on most files under /etc, if that's what you mean. This is necessary, because the programs you use need to read these configuration files, and they have the same permissions as the user they run under.
About passwords, /etc/passwd is readable by all users. It's a need as well. That file holds vital info that needs to be accessible. However, the passwords are not really there, they are safe on /etc/shadow, and that shouldn't be readable by regular users. /etc/passwd only contains the placeholders for these passwords, but the actual passwords are encrypted in the shadow file.
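An added example, not part of the original posts: a small shell audit of the split described above, with a world-readable passwd file and a restricted shadow file. The function names and the sample files are constructed for illustration, and it assumes GNU `stat`.

```shell
# Added example (not from the thread). Assumes GNU coreutils stat.
# Succeed if "other" users have the read bit set on the file.
world_readable() {
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        *[4567]) return 0 ;;
        *) return 1 ;;
    esac
}

# List accounts whose second passwd field is not a placeholder ("x", "*",
# "!"): either a hash left in the readable file or an empty password field.
hashes_in_passwd() {
    awk -F: '$2 != "x" && $2 != "*" && $2 != "!" { print $1 }' "$1"
}

# Report findings for a passwd/shadow pair; non-zero status means a failure.
audit() {
    passwd_file=$1 shadow_file=$2 rc=0
    if world_readable "$shadow_file"; then
        echo "FAIL: $shadow_file is readable by all users"; rc=1
    fi
    if ! world_readable "$passwd_file"; then
        echo "WARN: $passwd_file is not world-readable; programs may break"
    fi
    for user in $(hashes_in_passwd "$passwd_file"); do
        echo "FAIL: $user has a password field outside the shadow file"; rc=1
    done
    return $rc
}

# Constructed sample files (hypothetical accounts, not real hashes).
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'alice:x:1000:1000::/home/alice:/bin/sh' \
        'legacy:$1$CONSTRUCTED$notarealhash:1001:1001::/home/legacy:/bin/sh' \
        > "$1/passwd"
    printf '%s\n' 'root:*:19000:0:99999:7:::' 'alice:!:19000:0:99999:7:::' \
        > "$1/shadow"
    chmod 644 "$1/passwd"
    chmod 644 "$1/shadow"   # deliberately too open, so the audit flags it
}

# Demo on the constructed files; pass /etc/passwd /etc/shadow for a real host.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit "$demo_dir/passwd" "$demo_dir/shadow" || echo "audit found problems"
rm -rf "$demo_dir"
```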
Users can only view what they have permission to view. You can change permissions using chown with root privileges and ls -l should show what files/directories have what permissions. Root can see everything but it is possible for users to get their files encrypted in such a way that it's basically unreadable without knowing what encryption is in place.
I am not going to go too in depth because it's not my job to do other people's projects for them, but I think I have given enough information there to be useful, hmmm?
Because smaller passwords are easy to crack using brute force techniques.
The hardiness of a password grows exponentially each time you add a new digit to the password, as you might already know if you are researching this. It's simple maths.
Computationally, cracking passwords that are smaller than 8 characters is usually a breeze, a few hours or days at most on modern hardware.
As you said, he'd know if he researched it, he is just being lazy. This guy needs to do his OWN project. These are things so easy that you can find them quite quickly if you just use a search engine...
To get the basics you should read some basic cryptography. Learning a few old/weak algorithms doesn't take much time but gives you a good idea about how people have tried to solve the problem of secure messaging throughout history. Then when you get the basics, go on to RSA (it's not difficult to understand either, if you play around with small enough numbers) and you'll learn some more modern methods.
After you have studied the basics of the encryption algorithms/methods that you're interested in, you should know what things affect the "goodness" of the method, for example the length of a password. Eight is not a "magic number"; less or more does as well, but usually the smaller the numbers/lengths used, the easier the algorithm is to "break" (figure out enough of it to decrypt the encrypted content). On the other hand, the bigger the numbers or the longer the lengths, the more computing power and time it takes to calculate the algorithm. So it's all about finding a balance between speed and security. At the moment it looks like there is not, and probably never will be, a fully secure way of encrypting data, but the methods used today are difficult enough to make using them sensible (especially if encryption/keys change frequently enough). But people study these things every day, and might well one day find that a method thought to be good contains a weakness that can be used to exploit it; that's why encryption algorithms are developed all the time, old ones are left out and new ones taken in. Read about the SHA1 and MD5 algorithms, for example.
If you need to ask why passwords should be N characters long and not M or L (where N, M and L are certain integers), or why they should contain alphanumeric characters instead of just characters, you probably don't understand enough of the basics, so head to a local library and get a book about the history of encryption for a start.
It's just what fits today's hardware. At one point in the future we will have PCs with 100 cores running at 10 terahertz, then that number will probably be raised to 14 or 15, since an 8-character password would be easily crackable in a fair time lapse.