
Thread: Linux encryption

  1. #1

    Linux encryption

    I have been doing some tests on my comp, Redhat 7.2, to find out how the passwords are encrypted. My /etc/passwd is shadowed and in /etc/shadow, I have found that the salt for my account and for root's account is three bytes! Is this correct, or have I misunderstood something?

    I have created other test accounts, just to observe the salt and yes, the same for the new ones as well. When I try to encrypt the same password as my account with the salt present in mine and root's encrypted password, they don't match!

    Could someone please shed some light on the situation? I would be very thankful.

    Thanks :-)

  2. #2
    Junior Member, Join Date: Jul 2002, Posts: 11
    If your /etc/shadow looks like

    username:ssccccccccccc:....

    Then the "ss" stands for the 2 character salt, and the "ccccccccccc" is your
    encrypted password - just as the theory goes.

    But the beloved, old, Unix password system is too easy to break nowadays.
    So now they use something with md5() and longer passwords, and your
    entry ought to look more or less like:

    username:$1$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:....

    where $1$ is not your salt, but just an indication of this new system. The x's do
    use some kind of salt, but I'm not quite aware how it works.

    Anyways - this is much, much more secure.

    By the way, the 2 systems may coexist on the same computer, and you may get
    one or the other depending on how you create your user, or change the password.

  3. #3
    Senior Member, Join Date: Nov 2001, Location: Ireland, Posts: 734
    Used to be Altered DES.
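
Added example, not part of any post in this thread: a small parser for the password field of /etc/shadow that tells the two formats from post #2 apart and pulls out the real salt. The `$1$<salt>$<hash>` layout with a salt of up to 8 characters is the standard MD5-crypt format and is assumed here, not stated in the thread; the function names and sample lines are constructed for illustration.

```python
import re

# crypt(3) alphabet, used for both salts and encoded hashes
_B64 = r"[./0-9A-Za-z]"
# Traditional DES crypt: 2-character salt followed by 11 hash characters
_DES = re.compile(rf"^({_B64}{{2}})({_B64}{{11}})$")
# MD5 crypt: "$1$" marker, salt of 1-8 characters, "$", 22 hash characters
_MD5 = re.compile(rf"^\$1\$({_B64}{{1,8}})\$({_B64}{{22}})$")


def parse_shadow_field(field):
    """Classify the password field (2nd column) of an /etc/shadow line."""
    if field == "":
        return {"scheme": "empty", "salt": None, "hash": None}
    if field[0] in "!*":
        # Locked or disabled account: nothing to compare a password against.
        return {"scheme": "locked", "salt": None, "hash": None}
    m = _MD5.match(field)
    if m:
        return {"scheme": "md5-crypt", "salt": m.group(1), "hash": m.group(2)}
    m = _DES.match(field)
    if m:
        return {"scheme": "des-crypt", "salt": m.group(1), "hash": m.group(2)}
    return {"scheme": "unknown", "salt": None, "hash": None}


def audit(shadow_text):
    """Return (user, scheme, salt) per entry so old DES hashes stand out."""
    rows = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        info = parse_shadow_field(field)
        rows.append((user, info["scheme"], info["salt"]))
    return rows


# Constructed sample lines; the hash characters are made up, not real hashes.
SAMPLE = """\
root:$1$Ab3dEf9h$0123456789abcdefghijkl:11900:0:99999:7:::
alice:abCDEFGHIJKLM:11900:0:99999:7:::
daemon:*:11900:0:99999:7:::
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Passing only the three characters `$1$` as the salt when re-hashing a password gives a different result from the stored entry, because the stored hash was computed with the salt that sits between the second and third `$`.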
