Re: etc/passwd file
From: Richard Caley (MYFIRSTNAME@MYLASTNAME.org.uk)Date: 10/28/02
- Next message: Bernd Eckenfels: "Re: System Security"
- Previous message: Security: "Re: System Security"
- In reply to: tina: "etc/passwd file"
- Next in thread: : "Re: etc/passwd file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Richard Caley <MYFIRSTNAME@MYLASTNAME.org.uk> Date: Mon, 28 Oct 2002 15:42:00 GMT
In article <apcro9$pjo$1@spacebar.ucc.usyd.edu.au>, comp5019 (c) writes:
c> why is the /etc/passwd file not hidden to make the system more
c> secure?
If you look on most (all?) modern Unixes you'll find that /etc/passwd
doesn't contain any password information. The name is historical. The
most sensitive information in there is what accounts exist and the
login shell, both of which are hard to hide from somoene who can log
in, so may as well be public (on the `if it's easy to get anyway,
don't fool yourself by hiding it' principle).
When the passwords _were_ in there it was (sepia tinted image with
banjo music) waaay back when the fact that they were encrypted by a
one way function was deemed to be enough security, before every 14
year old had a toy with enough processing power for a brute force
attack.
-- Mail me as MYFIRSTNAME@MYLASTNAME.org.uk _O_ |<
- Next message: Bernd Eckenfels: "Re: System Security"
- Previous message: Security: "Re: System Security"
- In reply to: tina: "etc/passwd file"
- Next in thread: : "Re: etc/passwd file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
