Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
09-11-2008, 06:35 AM
|
#1
|
LQ Newbie
Registered: Sep 2008
Posts: 5
Rep:
|
can u see etc files of other users
im doing a project on password auditing and need to know whether all users can view etc files
|
|
|
09-11-2008, 06:53 AM
|
#2
|
Gentoo support team
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,083
|
Quote:
Originally Posted by Alphy Thomson
im doing a project on password auditing and need to know whether all users can view etc files
|
Mmmm, I don't quite understand the question.
All users have read permissions on most files under /etc, if that's what you mean. This is necessary, because the programs you use need to read this configuration files, and they have the same permissions of the user they run under.
About passwords, /etc/passwd is readable by all users. It's a need as well. That file holds vital info that needs to be accessible. However, the passwords are not really there, they are safe on /etc/shadow, and that shouldn't be readable by regular users. /etc/passwd only contains the placeholders for these passwords, but the actual passwords are encrypted in the shadow file.
|
|
|
09-11-2008, 06:56 AM
|
#3
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
Users can only view what they have permission to view. You can change permissions using chown with root privileges and ls -l should show what files/directories have what permissions. Root can see everything but it is possible for users to get their files encrypted in such a way that it's basically unreadable without knowing what encryption is in place.
I am not going to go to in depth because it's not my job to do other people's projects for them, but I think I have given enough information their to be useful, hmmm?
|
|
|
09-13-2008, 02:31 AM
|
#4
|
LQ Newbie
Registered: Sep 2008
Posts: 5
Original Poster
Rep:
|
any ideas as 2 why we convert passwd to uppercase in the md4 algorithm which is used in NTLM encryption
|
|
|
09-13-2008, 02:43 AM
|
#5
|
LQ Newbie
Registered: Sep 2008
Posts: 5
Original Poster
Rep:
|
it is always recomeneded that your passwd be greater than 8 letters .why is it so ??
|
|
|
09-13-2008, 11:51 PM
|
#6
|
Gentoo support team
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,083
|
Quote:
Originally Posted by Alphy Thomson
it is always recomeneded that your passwd be greater than 8 letters .why is it so ??
|
Because smaller passwords are easy to crack using brute force techniques.
The hardiness of a password grows exponentially each time you add a new digit to the password, as you might already know if you are researching on this. It simple maths.
Computationally, cracking passwords that are smaller than 8 characters is usually a breeze, a few hours or days at most on modern hardware.
|
|
|
09-14-2008, 01:23 AM
|
#7
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
Quote:
Originally Posted by i92guboj
Because smaller passwords are easy to crack using brute force techniques.
The hardiness of a password grows exponentially each time you add a new digit to the password, as you might already know if you are researching on this. It simple maths.
Computationally, cracking passwords that are smaller than 8 characters is usually a breeze, a few hours or days at most on modern hardware.
|
As you said, he'd know if he researched it, he is just being lazy. This guy needs to do his OWN project. These are things so easy that you can find them quite quickly if you just use a search engine...
|
|
|
09-14-2008, 05:21 AM
|
#8
|
Member
Registered: Sep 2008
Location: Mumbai, india
Distribution: ubuntu and hp-unix
Posts: 118
Rep:
|
why 8 is the magic no. for password length ???
why not 9 or 5 ???
|
|
|
09-14-2008, 07:09 AM
|
#9
|
LQ Guru
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131
Rep: 
|
To get the basics you should read some basic cryptography. Learning a few old/weak algorithms doesn't take much time but gives you a good idea about how people have tried to solve the problem of secure messaging during the history. Then when you get the basics, go on to RSA (it's not difficult to understand either, if you play around with small enough numbers) and you'll learn a little more modern methods..
After you have studied the basics of the encryption algorithms/methods that you're interested in, you should know what things affect the "goodness" of the method, for example the length of a password. Eight is not a "magic number"; less or more does as well, but usually the smaller the numbers/lengths used, the easier the algorithm is to "break" (figure out enough of it to decrypt the encrypted content). On the other hand, the bigger the numbers or longer the lengths, the more it takes computing power and time to calculate the algorithm. So it's all about finding a balance between speed and security..at the moment it looks like there is no, nor will probably never be a fully secure way of encrypting data, but the methods used today are difficult enough to make using them sensible (especially if encryption/keys change frequently enough). But people study these things every day, and might well one day find that a method thought to be good contains a weakness that can be used to exploit it; that's why encryption algorithms are developed all the time, old are left out and new ones taken in. Read about SHA1- and MD5-algorithms for example.
If you need to ask why passwords should be N characters long and not M or L (where N, M and L are certain integers), or why they should contain alphanumeric characters instead of just characters, you don't probably understand enough of the basics..so head to a local library and get a book about the history of encryption for a start.
|
|
|
09-14-2008, 11:29 PM
|
#10
|
Gentoo support team
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,083
|
There's no magic behind it.
It's just what fits today's hardware. At one point in the future we will have pc's with 100 cores running at 10 terahertzs, then that number will probably be raised to 14 or 15, since a 8 chars password would be easily crackable in a fair time lapse.
|
|
|
09-19-2008, 05:25 AM
|
#11
|
LQ Newbie
Registered: Sep 2008
Posts: 5
Original Poster
Rep:
|
structure of sam file
how can i estimate the length of the password stored in the sam file??
|
|
|
All times are GMT -5. The time now is 02:25 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|