Laugh. Yes, this statement you copied is false. It assumed you had a word to compare it to the one-way hash in the shadow file. I was not clear on that.

Russell

Spike Ilacqua wrote:
> > I repeat. This statement is BS. A shadow password file contains a
> > PLAIN TEXT PASSWORD that you can compare against.
>
> No it doesn't and it never has. A UNIX shadow password file contains
> either an encrypted version of a known string using the password as the
> encryption key, or an MD5 (or similar) hash of the original password.
> Both methods fudge things a bit so there is more than one string/hash
> for any given password. The original password is never stored and both
> methods are one way, you can't recreate the password from the string
> or hash.
>
> When a user tries to log in the plain text password they supply is used
> to encrypt the known string or generate an MD5 hash. The string/hash
> is then compared against the stored version and if it matches the
> password was good.
>
> Shadow password files exist to protect the strings/hashes. In the
> good old days they were stored in the password file. But as computers
> got faster it became possible to brute force crack passwords. Basically
> you generate all the possible strings/hashes for, say, "sex" and
> search for them in the password file. So the shadow password file was
> created to limit access to the strings/hashes.
>
> Bottom line: UNIX never stores the plain text password.
>
> ->Spike
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
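
The login check described in the quoted message, as an added example that is not part of the original thread: the stored entry holds a salt and a one-way hash, and verification re-hashes the supplied password with that salt and compares. PBKDF2 from Python's standard library stands in for the crypt(3) hash, and the field layout and the names `make_entry` and `verify` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed, simplified stand-in for the hash field of a shadow entry.
# Real systems use crypt(3) schemes; PBKDF2 is swapped in so this runs
# with the standard library only.
SCHEME = "pbkdf2-sha256"  # hypothetical scheme label
ROUNDS = 100_000


def make_entry(password, salt=None):
    """Return 'scheme$rounds$salt$hash'. The password itself is never stored."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return "$".join([SCHEME, str(ROUNDS), salt.hex(), digest.hex()])


def verify(candidate, entry):
    """Login check: re-hash the supplied password with the stored salt."""
    try:
        scheme, rounds, salt_hex, digest_hex = entry.split("$")
        rounds_n = int(rounds)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or locked field such as "!" or "*"
    if scheme != SCHEME or rounds_n < 1:
        return False
    computed = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, rounds_n)
    # Constant-time comparison of the two hashes, never of plain text.
    return hmac.compare_digest(computed, expected)


def demo():
    # Same password, two random salts: two different stored strings.
    a = make_entry("correct horse")
    b = make_entry("correct horse")
    return (a != b,
            verify("correct horse", a),
            verify("correct horse", b),
            verify("wrong guess", a),
            verify("anything", "!"))


if __name__ == "__main__":
    print(demo())
```

The random salt is why one password maps to many possible stored strings, and why the comparison at login can only be done by recomputing the hash.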
