Date: Tue, 2 Oct 2001 01:07:38 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Nathan Mace <nmace85@yahoo.com>
Cc: Jonathan Chen <jonathan.chen@itouch.co.nz>, freebsd-questions@FreeBSD.ORG
Subject: Re: shadow passwords
Message-ID: <20011002010738.J304@blossom.cjclark.org>
In-Reply-To: <20011002000339.3417c5d7.nmace85@yahoo.com>; from nmace85@yahoo.com on Tue, Oct 02, 2001 at 12:03:39AM -0400
References: <20011001232941.5db52eb7.nmace85@yahoo.com> <20011002153410.A92785@jonc.itouch> <20011002000339.3417c5d7.nmace85@yahoo.com>

On Tue, Oct 02, 2001 at 12:03:39AM -0400, Nathan Mace wrote:
> On Tue, 2 Oct 2001 15:34:10 +1200
> Jonathan Chen <jonathan.chen@itouch.co.nz> wrote:
>
> > On Mon, Oct 01, 2001 at 11:29:41PM -0400, Nathan Mace wrote:
> > > does freebsd support shadow passwords?
> >
> > FreeBSD does not show the encrypted password in /etc/passwd. It's
> > stored in /etc/master.passwd, and the only way you can see it is if
> > you've got root privileges. And if someone has root, the system's
> > open to them.
> >
> sweet...that's what i wanted to know...but what about making the
> master.passwd entries harder to crack? what would keep them from
> somehow getting a copy and using pure brute force to crack it? i'm
> currently using MD5 (i think, not sure) is that the best encryption to
> use?

The limitation of DES is the eight-character limit. If you are using
eight characters or less, there is really no difference whether you
use DES or MD5. The methodology to crack either would be identical and
the differences in computation time would not really be
important. Using MD5 is really only better if you use passwords
greater than eight characters long (of course, one might argue that
just because you use MD5 you _could_ be using longer passwords could
discourage an attacker, but that's not real security).

In any case, do not use easy-to-guess passwords, i.e. dictionary
words, common misspellings, appending or prepending a number, or
substituting a number for a letter (changing 'e' to '3,' or 'l' to '1',
etc.).

> also i read in the handbook how you can tell...the MD5 entries have a
> $1$ in them...my root passwd has it but my user account doesn't...what's
> up with that?

I recall that there once was a bug that caused this (was it never
fixed?), but it can also result from pilot error.
-- 
Crist J. Clark                           cjclark@alum.mit.edu