On Wed, Jun 04, 2014 at 12:44:01PM +0200, FRIGN wrote:
> On Wed, 4 Jun 2014 00:15:58 +0200
> Alexander Huemer <[email protected]> wrote:
>
> > You think so? That's not at all what I personally associate with this
> > feature. Can you elaborate?
>
> Many people don't understand how hashing-functions work.

Obviously true.

> The shadow-file might suggest knowing the hash inherently unveils the
> password in some magic way.

This _might_ suggest that, but I'd say that's far-fetched.

> In reality, the incorporation of the shadow-file was motivated to make
> brute-force-attacks slower and less effective, but they are still
> possible.

I don't think that was the sole motivation, just one of them.

> Thus, the shadow file locks things up a bit more, brings some more
> complexity

It adds some complexity, but quite moderately. You want to have those
hashing algos on your system anyway.

> but this doesn't mean /etc/passwd is insecure.

That's true, but not the point here.

> If you use strong passwords, you don't need the shadow-file. If you
> have a weak password, the shadow-file on the other hand just delays the
> eventual breach.
>
> Looking at it from the programmer's side: Implementing /etc/shadow
> brings more complexity to the program. Avoiding complexity is one goal
> to set, thus avoiding /etc/shadow is a good way to simplify things.
>
> As Dimitris said before: If you are serious about breaking into a
> computer, the security brought by login is laughable and easy to
> circumvent.

Obviously true. Physical access to a machine that does not store the data
encrypted is a sure win for the attacker.

LG,
-Alex
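A defender-side check for the two points the quoted paragraphs turn on: hashes belong in /etc/shadow rather than world-readable /etc/passwd, and the hash scheme should be slow enough that brute force is expensive. This is an added example, not code from the thread or from the login program under discussion; the sample lines, the hash bodies and the set of "slow" prefixes are constructed assumptions.

```python
import re

# Constructed sample lines (not real accounts; hash bodies are placeholders).
PASSWD_LINES = [
    "root:x:0:0:root:/root:/bin/sh",
    "legacy:$1$saltsalt$0123456789abcdefghijkl:1001:1001::/home/legacy:/bin/sh",
    "guest::1002:1002::/home/guest:/bin/sh",
]
SHADOW_LINES = [
    "root:$6$saltsalt$PLACEHOLDERHASHBODY:16200:0:99999:7:::",
    "legacy:$1$saltsalt$0123456789abcdefghijkl:16200:0:99999:7:::",
    "guest::16200:0:99999:7:::",
]

# crypt(3) prefixes of deliberately slow, salted schemes; treating everything
# else as weak is this example's own assumption, not a system policy.
SLOW_PREFIXES = ("$5$", "$6$", "$2a$", "$2b$", "$2y$", "$y$", "$7$")


def classify(field):
    """Classify one password field the way login(1)/crypt(3) would see it."""
    if field == "":
        return "empty"              # login succeeds with no password at all
    if field == "x" or field.startswith(("*", "!")):
        return "none"               # placeholder (hash lives in shadow) or locked
    if field.startswith(SLOW_PREFIXES):
        return "slow"
    if field.startswith("$1$"):
        return "weak-md5"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "weak-des"           # traditional DES crypt: fast, 8-char limit
    return "unknown"


def audit(passwd_lines, shadow_lines):
    """Return (user, finding) pairs for hashes exposed in passwd or weak in shadow."""
    shadow = dict(line.split(":", 2)[:2] for line in shadow_lines)
    findings = []
    for line in passwd_lines:
        user, field = line.split(":", 2)[:2]
        kind = classify(field)
        # Anything but a placeholder in world-readable /etc/passwd hands every
        # local user the material for an offline guessing attack.
        if kind == "empty":
            findings.append((user, "passwd: empty password"))
        elif kind != "none":
            findings.append((user, "passwd: hash readable by all users (%s)" % kind))
        skind = classify(shadow.get(user, "x"))
        if skind == "empty":
            findings.append((user, "shadow: empty password"))
        elif skind.startswith("weak"):
            findings.append((user, "shadow: %s hash, cheap to brute-force" % skind))
    return findings
```

Run `audit(PASSWD_LINES, SHADOW_LINES)` to see the sample output; on a real host the same logic applies to the two files read as root.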
