LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 09-11-2008, 07:35 AM   #1
Alphy Thomson
LQ Newbie
 
Registered: Sep 2008
Posts: 5

Rep: Reputation: 0
Wink can u see etc files of other users


im doing a project on password auditing and need to know whether all users can view etc files
 
Old 09-11-2008, 07:53 AM   #2
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,049

Rep: Reputation: 378Reputation: 378Reputation: 378Reputation: 378
Quote:
Originally Posted by Alphy Thomson View Post
im doing a project on password auditing and need to know whether all users can view etc files
Mmmm, I don't quite understand the question.

All users have read permissions on most files under /etc, if that's what you mean. This is necessary, because the programs you use need to read this configuration files, and they have the same permissions of the user they run under.

About passwords, /etc/passwd is readable by all users. It's a need as well. That file holds vital info that needs to be accessible. However, the passwords are not really there, they are safe on /etc/shadow, and that shouldn't be readable by regular users. /etc/passwd only contains the placeholders for these passwords, but the actual passwords are encrypted in the shadow file.
 
Old 09-11-2008, 07:56 AM   #3
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 5.4, Mac OS 10.4 (tiger)
Posts: 1,005

Rep: Reputation: 79
Users can only view what they have permission to view. You can change permissions using chown with root privileges and ls -l should show what files/directories have what permissions. Root can see everything but it is possible for users to get their files encrypted in such a way that it's basically unreadable without knowing what encryption is in place.

I am not going to go to in depth because it's not my job to do other people's projects for them, but I think I have given enough information their to be useful, hmmm?
 
Old 09-13-2008, 03:31 AM   #4
Alphy Thomson
LQ Newbie
 
Registered: Sep 2008
Posts: 5

Original Poster
Rep: Reputation: 0
any ideas as 2 why we convert passwd to uppercase in the md4 algorithm which is used in NTLM encryption
 
Old 09-13-2008, 03:43 AM   #5
Alphy Thomson
LQ Newbie
 
Registered: Sep 2008
Posts: 5

Original Poster
Rep: Reputation: 0
it is always recomeneded that your passwd be greater than 8 letters .why is it so ??
 
Old 09-14-2008, 12:51 AM   #6
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,049

Rep: Reputation: 378Reputation: 378Reputation: 378Reputation: 378
Quote:
Originally Posted by Alphy Thomson View Post
it is always recomeneded that your passwd be greater than 8 letters .why is it so ??
Because smaller passwords are easy to crack using brute force techniques.

The hardiness of a password grows exponentially each time you add a new digit to the password, as you might already know if you are researching on this. It simple maths.

Computationally, cracking passwords that are smaller than 8 characters is usually a breeze, a few hours or days at most on modern hardware.
 
Old 09-14-2008, 02:23 AM   #7
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 5.4, Mac OS 10.4 (tiger)
Posts: 1,005

Rep: Reputation: 79
Quote:
Originally Posted by i92guboj View Post
Because smaller passwords are easy to crack using brute force techniques.

The hardiness of a password grows exponentially each time you add a new digit to the password, as you might already know if you are researching on this. It simple maths.

Computationally, cracking passwords that are smaller than 8 characters is usually a breeze, a few hours or days at most on modern hardware.
As you said, he'd know if he researched it, he is just being lazy. This guy needs to do his OWN project. These are things so easy that you can find them quite quickly if you just use a search engine...
 
Old 09-14-2008, 06:21 AM   #8
lipun4u
Member
 
Registered: Sep 2008
Location: Mumbai, india
Distribution: ubuntu and hp-unix
Posts: 118

Rep: Reputation: 15
why 8 is the magic no. for password length ???

why not 9 or 5 ???
 
Old 09-14-2008, 08:09 AM   #9
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
To get the basics you should read some basic cryptography. Learning a few old/weak algorithms doesn't take much time but gives you a good idea about how people have tried to solve the problem of secure messaging during the history. Then when you get the basics, go on to RSA (it's not difficult to understand either, if you play around with small enough numbers) and you'll learn a little more modern methods..

After you have studied the basics of the encryption algorithms/methods that you're interested in, you should know what things affect the "goodness" of the method, for example the length of a password. Eight is not a "magic number"; less or more does as well, but usually the smaller the numbers/lengths used, the easier the algorithm is to "break" (figure out enough of it to decrypt the encrypted content). On the other hand, the bigger the numbers or longer the lengths, the more it takes computing power and time to calculate the algorithm. So it's all about finding a balance between speed and security..at the moment it looks like there is no, nor will probably never be a fully secure way of encrypting data, but the methods used today are difficult enough to make using them sensible (especially if encryption/keys change frequently enough). But people study these things every day, and might well one day find that a method thought to be good contains a weakness that can be used to exploit it; that's why encryption algorithms are developed all the time, old are left out and new ones taken in. Read about SHA1- and MD5-algorithms for example.

If you need to ask why passwords should be N characters long and not M or L (where N, M and L are certain integers), or why they should contain alphanumeric characters instead of just characters, you don't probably understand enough of the basics..so head to a local library and get a book about the history of encryption for a start.
 
Old 09-15-2008, 12:29 AM   #10
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,049

Rep: Reputation: 378Reputation: 378Reputation: 378Reputation: 378
There's no magic behind it.

It's just what fits today's hardware. At one point in the future we will have pc's with 100 cores running at 10 terahertzs, then that number will probably be raised to 14 or 15, since a 8 chars password would be easily crackable in a fair time lapse.
 
Old 09-19-2008, 06:25 AM   #11
Alphy Thomson
LQ Newbie
 
Registered: Sep 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Red face structure of sam file

how can i estimate the length of the password stored in the sam file??
 
  


Reply

Tags
auditing, passwd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Creating Files as Users Counal1 Linux - General 5 04-07-2008 07:43 PM
Hide files users do not have access to vonedaddy Linux - Newbie 5 01-05-2008 03:29 AM
CHMOD files for all users as root, how?! $Linuxnoob Fedora 3 04-09-2006 11:31 PM
Hiding files from users TomalakBORG Linux - General 3 02-04-2006 05:00 PM
Where did ex-users files go? wmcase Linux - Security 4 12-05-2004 03:55 AM


All times are GMT -5. The time now is 05:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration