Shadow password
|
|
The process of shadowing passwords is used to increase the security level of passwords on Unix systems.
On a system without shadowed passwords, /etc/passwd holds the following user information:
- username
- encrypted password and salt
- password expiration information
- user ID (UID)
- default group ID (GID) for
- full name
- home directory path
- login shell
The file is world-readable (meaning that all users can read it), but only writeable by root. This means that an attacker can obtain the encrypted (or hashed) form user's password. The encrypted password is useful to an attacker because it allows a relatively fast way to test guessed passwords. Once the encrypted password is obtained, an attacker can mount a brute force attack offline, without alerting system security modules desingned to detect some number of failed login attempts. Most users select passwords that are vulnerable to such password cracking techniques.
Shadowing passwords stores users' encrypted passwords in a different file, usually /etc/shadow on Linux systems, or /etc/master.passwd on BSD systems, which can be read only by root. Virtually all modern Linux distributions use shadowed passwords. This makes stealing passwords more difficult, as root access is required to find the encrypted password. This was considered sufficient protection because a user with root permissions can find this or any data by other means, as he or she can examine the entire system, and could even subvert the passwd program to capture plaintext passwords. Unfortunately, some network authentication schemes operate by transmitting the encrypted password over the network, often making the data vulnerable to interception.