I would like to make my Debian box use shadow passwords since it is always on the 'Net. Firstly, how do I turn on shadow passwords in Debian? Secondly, will this affect my pppd, proftpd, telnetd, apache or other daemons?

Thanks,
Timothy Hospedales

BTW, I was reading the Shadow-HOWTO and it says

<SNIP>
System crackers know all this, and will simply encrypt a dictionary of words and common passwords using all possible 4096 salt values. Then they will compare the encoded passwords in your /etc/passwd file with their database. Once they have found a match, they have the password for another account. This is referred to as a dictionary attack, and is one of the most common methods for gaining or expanding unauthorized access to a system.

If you think about it, an 8 character password encodes to 4096 * 13 character strings. So a dictionary of say 400,000 common words, names, passwords, and simple variations would easily fit on a 4GB hard drive. The attacker need only sort them, and then check for matches. Since a 4GB hard drive can be had for under $1000.00, this is well within the means of most system crackers.
</SNIP>

If a 4GB drive and lots of time are all it takes, how do any systems at all w/o shadow passwords avoid break-ins?

<SNIP>
Also, if a cracker obtains your /etc/passwd file first, they only need to encode the dictionary with the salt values actually contained in your /etc/passwd file. This method is usable by your average teenager with a couple of hundred spare Megabytes and a 486 class computer.
</SNIP>

Since /etc/passwd is world readable, then it should not be a problem to break into any non-shadow system?

Yes, I'm clueless about security, having used Windoze all my life until a few months ago when I first heard about Linux! So thanks for any advice!

----------------------------------
E-Mail: [EMAIL PROTECTED]
Date: 26-Apr-98
Time: 17:36:50
This message was sent by XFMail. Powered by GNU/Linux 2.0.
----------------------------------
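
An added example, not part of the original message or of the Shadow-HOWTO: a shell audit that lists the accounts in a passwd-format file whose password field is empty or still holds a hash instead of the shadow placeholder `x`, which is the exposure the quoted passage describes. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list passwd-format entries that are not shadowed.

# Constructed sample entries (not real accounts or real hashes).
constructed_sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:abCONSTRUCTED:1000:1000::/home/alice:/bin/sh
bob::1001:1001::/home/bob:/bin/sh
carol:*:1002:1002::/home/carol:/bin/sh
dave:$1$constructed$notarealhash:1003:1003::/home/dave:/bin/sh
eve:!abCONSTRUCTED:1004:1004::/home/eve:/bin/sh
EOF
}

# unshadowed_accounts FILE
# Prints "name:kind" for each entry whose password field is empty or holds
# a hash. "x" means the hash lives in /etc/shadow; "*" and "!" alone mean
# no usable password. A leading "!" (locked) still leaves the hash readable.
unshadowed_accounts() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[+-]/ || NF < 2 { next }          # NIS compat or malformed lines
        {
            pw = $2
            if (pw == "x") next
            if (pw == "") { print $1 ":empty"; next }
            sub(/^!+/, "", pw)              # drop the lock marker
            if (pw == "" || pw == "*") next
            if (substr(pw, 1, 1) == "$") { print $1 ":modular-crypt"; next }
            # Traditional crypt(3): 2 salt chars (4096 salts) + 11 hash chars
            if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$") {
                print $1 ":des-crypt"; next
            }
            print $1 ":unknown"
        }' "$1"
}

# audit_passwd FILE
# Exit status 0 when every entry is shadowed, 1 when any is reported.
audit_passwd() {
    found=$(unshadowed_accounts "$1") || return 2
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}
```

Running `audit_passwd /etc/passwd` with no output and exit status 0 means every entry is shadowed.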