LinuxQuestions.org
12-08-2004, 12:36 PM   #1
Berhanie
the point of salt in /etc/shadow


I understand the password field consists of
Code:
$1$salt$encoded_passwd
I can see how a salt would prevent a simple dictionary lookup (but, see note below) if the file were readable to everyone, as was the case before passwords were shadowed; but since /etc/shadow has tight permissions, what is the point of having a salt? Is it to add an extra level of protection in the event an unauthorized someone somehow manages to access it?

Note: In the event that encoded passwords and their salts are readable by everyone, it seems to me a dictionary attack would still be possible: the dictionary just gets lengthened by some constant factor to take new variations introduced by the salt into account. This just delays the inevitable.
 
12-08-2004, 02:39 PM   #2
wapcaplet
This function definition helps explain it a little bit. It looks like you're right; it just helps to prolong the inevitable. But prolonging the task of password-cracking can help security, at least a little bit, since it can multiply the number of guesses an attacker must make.

Though, given what we've been hearing about MD5 lately, we may need a new password-hash scheme before long anyway.
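
Added example, not part of either post: a small weak-password audit over constructed `$1$salt$encoded_passwd` fields that counts hash evaluations, showing that one wordlist pass covers every account sharing a salt while distinct salts force one pass each. `toy_hash` is a salted SHA-256 stand-in assumed for illustration, not the real md5-crypt algorithm, and all users, salts and words are constructed.

```python
import hashlib
from collections import defaultdict

def toy_hash(salt, password):
    # Stand-in for crypt(): salted SHA-256, NOT the real $1$ (md5-crypt) scheme.
    return hashlib.sha256((salt + password).encode()).hexdigest()[:22]

def make_field(salt, password):
    # Build a field in the layout quoted in the thread: $1$salt$encoded_passwd
    return f"$1${salt}${toy_hash(salt, password)}"

def parse_field(field):
    # "$1$salt$encoded" splits into ['', '1', 'salt', 'encoded']
    _, scheme, salt, encoded = field.split("$")
    return scheme, salt, encoded

def audit(entries, wordlist):
    """Return (accounts with a wordlist password, hash evaluations, reused salts)."""
    by_salt = defaultdict(list)
    for user, field in entries.items():
        _, salt, encoded = parse_field(field)
        by_salt[salt].append((user, encoded))
    weak, evaluations = [], 0
    for salt, accounts in by_salt.items():
        # The wordlist must be hashed again for every distinct salt.
        table = set()
        for word in wordlist:
            table.add(toy_hash(salt, word))
            evaluations += 1
        weak += [user for user, encoded in accounts if encoded in table]
    reused = {s: sorted(u for u, _ in a) for s, a in by_salt.items() if len(a) > 1}
    return sorted(weak), evaluations, reused

# Constructed sample data.
WORDLIST = ["password", "letmein", "qwerty", "dragon"]
PASSWORDS = {"alice": "letmein", "bob": "letmein", "carol": "S0me-long-passphrase"}
SALTS = {"alice": "aB3dE6gH", "bob": "Zx9Yw8Vu", "carol": "k2J4h6G8"}

SALTED = {u: make_field(SALTS[u], p) for u, p in PASSWORDS.items()}
UNSALTED = {u: make_field("", p) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    print("salted:  ", audit(SALTED, WORDLIST))
    print("unsalted:", audit(UNSALTED, WORDLIST))
```

With no salt, alice and bob get identical fields and four evaluations cover the whole file; with per-user salts the same audit costs twelve, and the `reused` map flags any salt shared between accounts.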
 
12-08-2004, 10:06 PM   #3
Berhanie
Thanks for the interesting information, wapcaplet.
 
  

