Subject: Re: passwd encryption algorithm change possible?
To: David Woyciesjes <DAW@yalepress3.unipress.yale.edu>
From: Andrew Brown <email@example.com>
Date: 01/23/2001 13:17:54

> Actually, I may be wrong. I recall now that I heard about it in a
>book on Linux... not NetBSD per se. Whether or not it's in NetBSD, I'm not
> Anyway, what it does basically is take the password out of the
>normal password file, and stick it in a shadow file, which IIRC is
>accessible only by root (or SU, I suppose). Keep in mind, I'm not positive
>on the details (don't have the book here with me)

shadowed passwords are an option on linux, but have always been in
the master.passwd file contains an "encrypted" copy of a user's
password and is readable only by root. the getpw*() routines in libc
don't look at the master.passwd file (or the /etc/passwd file, which
is just there for people to read), but in the databases /etc/pwd.db
and /etc/spwd.db (which is also readable only by root). the
"encrypted" password is only copied into the spwd.db file.

it's not actually encrypted, per se, so if you want to be pedantic
about it, what it actually does is pretend the user's password is a 56
des key and uses it to encrypt 64 bits of zeroes, but with 25 rounds
instead of 16, and with a salt to further "obscure" the output
(thereby making a dictionary attack more difficult).
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."
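
A defensive check of the file layout described in the message above, as an added example that is not part of the original post or of NetBSD's own code: it verifies that master.passwd and spwd.db carry no group or other permission bits and that the world-readable /etc/passwd holds only a placeholder in the password field. The function names, the sample user and the sample hash string are constructed for this example, and the "longer than one character means a hash" rule is an assumption of the example.

```python
import os
import stat
import tempfile

ROOT_ONLY = ("etc/master.passwd", "etc/spwd.db")  # must be readable only by root
PUBLIC = ("etc/passwd",)                          # world-readable, must hold no hashes
SAMPLE_HASH = "XXconstructed"                     # constructed 13-char placeholder, not a real hash

def audit_passwd_layout(root="/"):
    """Return a list of findings; an empty list means the layout matches the message."""
    findings = []
    for rel in ROOT_ONLY:
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            continue  # file not present on this system
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:  # any group or other permission bit
            findings.append(f"{rel}: mode {mode:04o} is not owner-only")
    for rel in PUBLIC:
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                fields = line.rstrip("\n").split(":")
                if line.startswith("#") or len(fields) < 2:
                    continue
                # "*" (a 1-char placeholder) is expected; anything longer looks like a hash
                if len(fields[1]) > 1:
                    findings.append(f"{rel}:{lineno}: hash present for user {fields[0]}")
    return findings

def build_sample_tree(root, master_mode=0o600, leak_hash=False):
    """Write a constructed etc/ layout under root (sample data for this example only)."""
    etc = os.path.join(root, "etc")
    os.makedirs(etc, exist_ok=True)
    with open(os.path.join(etc, "master.passwd"), "w") as fh:
        fh.write(f"alice:{SAMPLE_HASH}:1000:100::0:0:Alice:/home/alice:/bin/sh\n")
    os.chmod(os.path.join(etc, "master.passwd"), master_mode)
    with open(os.path.join(etc, "passwd"), "w") as fh:
        pw = SAMPLE_HASH if leak_hash else "*"
        fh.write(f"alice:{pw}:1000:100:Alice:/home/alice:/bin/sh\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, master_mode=0o644, leak_hash=True)
        for finding in audit_passwd_layout(tmp):
            print(finding)
```

Run against a live system with `audit_passwd_layout("/")`; the check looks only at permission bits, so file ownership has to be verified separately.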