cracking open source password programs
as fedora or other linux distribution are open source, so what about the password program which hides uses password /etc/passwd file... can not anybody guess it
forgive me my english is not good |
what about it? Looking at source code shouldn't expose security issues, if it does, then you've written in wrong.
Basically the password hash in /etc/shadow using one way salted cryptography algorithms. How it works is EXTREMELY well documented (feel free to go read) and a corner stone of it is that you can not unencrypt a password ever. So when you compare passwords, you're actually encrypting the password given by the user, with the salt string and comparing the encrypted values, not the original passwords, which no one ever actually records. btw, a please / thank you wouldn't go amiss next time. |
ok thanks acid_kewpie
|
In addition /etc/shadow has permissions which not allow normal users to read it.
|
All times are GMT -5. The time now is 01:58 AM. |