> The password stored in /etc/passwd or /etc/shadow is never just a simple 1
> to 1 encryption.  Two similar strings, when encrypted separately, do not
> result in the same encrypted string.  This is a measure of security.  If
> two users sharing the same password or passphrase had the exact same
> entries in the /etc/passwd or /etc/shadow file, it would become easier to
> break into other users' accounts.
>
> Something called a "salt" is used to ensure that the same string, when
> encrypted on multiple occasions, does not result in the same encrypted
> string.
>
> Thaths

Sorry, but I don't understand. What I always thought was that when you log in
and give a password, that password is encrypted and the result is compared
to that already in a file (etc/password or etc/shadow), right?

So if encrypting the same string separately gives different results,
how does user authentication occur?
Or am I going off at the deep end?

Some explanation/pointers/links please...

sharukh.


----------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/LIH
