LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   cracking open source password programs (https://www.linuxquestions.org/questions/linux-software-2/cracking-open-source-password-programs-4175450229/)

makhan10 02-15-2013 02:30 AM
cracking open source password programs
 
as fedora or other linux distribution are open source, so what about the password program which hides uses password /etc/passwd file... can not anybody guess it

forgive me my english is not good

acid_kewpie 02-15-2013 02:34 AM
what about it? Looking at source code shouldn't expose security issues, if it does, then you've written in wrong.

Basically the password hash in /etc/shadow using one way salted cryptography algorithms. How it works is EXTREMELY well documented (feel free to go read) and a corner stone of it is that you can not unencrypt a password ever. So when you compare passwords, you're actually encrypting the password given by the user, with the salt string and comparing the encrypted values, not the original passwords, which no one ever actually records.

btw, a please / thank you wouldn't go amiss next time.

makhan10 02-15-2013 02:35 AM
ok thanks acid_kewpie

eSelix 02-15-2013 02:58 AM
In addition /etc/shadow has permissions which not allow normal users to read it.


All times are GMT -5. The time now is 01:58 AM.