Re: etc/passwd file
From: Joe Richards (jrichard32@hotmail.com)Date: 10/27/02
- Next message: Murray Watson: "Re: A follow-up on the Tiger issue"
- Previous message: Warren E Bullock III: "A follow-up on the Tiger issue"
- In reply to: tina: "etc/passwd file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: jrichard32@hotmail.com (Joe Richards) Date: 26 Oct 2002 20:01:05 -0700
"tina" <comp5019@hotmail.com> wrote in message news:<apcro9$pjo$1@spacebar.ucc.usyd.edu.au>...
> why is the /etc/passwd file not hidden
> to make the system more secure?
The only thing an attacker could gain is knowledge of other logins
used on the system. Hopefully people aren't complete idiots and have
half decent passwords so that this info is of no use. That aside,
passwords are usually in /etc/shadow (and they are encrypted with a
one-way algorithm anyway)....when a user tries to login to a *NIX
system, it encrypts the input the user types in as the password,
encrypts it, and compares the encryped input with the stored encrypted
password. If these match then, obviously, it's the right password. So,
in short, I do not believe that the /etc/passwd file being out in the
open is insecure. Hope this helps.....
-joe
-- joe@NO_SPAMpi.cubicle.net Network Security Analyst [http://www.blocked.org/~joe] Linux User #290898
- Next message: Murray Watson: "Re: A follow-up on the Tiger issue"
- Previous message: Warren E Bullock III: "A follow-up on the Tiger issue"
- In reply to: tina: "etc/passwd file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
