
Re: how strong is the /etc/passwd encryption?



Boba Fette wrote:
> 
> If you don't suspect you are already using Shadow passwords, is there a
> way to activate them? Also how can one determine if they are active? I
> looked for an /etc/shadow file, but was unable to find one.

There is a program called /usr/sbin/pwconv which converts your system
from normal passwords to shadow passwords.  When it's done, your
/etc/passwd file will show a little x where the password was.  Like this:

rfg:6TGbv7yiltheoi8qp:610:508::/home/rfg:/bin/false      to
rfg:x:610:508::/home/rfg:/bin/false

and also the file /etc/shadow is created and the encrypted password
shows up there.  It takes care of all other arrangements.

There is the reverse program called /usr/sbin/pwunconv which does it
the other way around.

Look carefully.  The encrypted password is verbatim the same as on the
/etc/passwd file prior to converting.  It does not actually do anything
to it.  The key difference is that /etc/passwd is world readable, whereas
/etc/shadow is only readable by root.

If you want REALLY encrypted passwords, then get the MD5 encrypted 
passwords in conjunction with shadow.  It lets you use LONG passwords
and really encrypts them!  Even Kevin Mitnick sweats this one!


-- 
Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
285 West First Avenue                                rfg nook net
P.O. Box 970                                    tel. 907-443-7575
Nome, Alaska 99762-0970 ======================= fax. 907-443-2487
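
An added example, not part of the original message: a Python check for the question of whether shadow passwords are active, which reads passwd-format text and reports accounts whose password field is anything other than the x placeholder. The function names, labels and sample entries are constructed for illustration; only the rfg line is taken from the message.

```python
import re

# Constructed sample in /etc/passwd format; only the rfg line is from the message.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
rfg:6TGbv7yiltheoi8qp:610:508::/home/rfg:/bin/false
bob:abJnggxhB/yWI:611:508::/home/bob:/bin/sh
alice:$1$constrct$0123456789abcdefghijkl:612:508::/home/alice:/bin/sh
guest::613:508::/home/guest:/bin/sh
daemon:*:2:2:daemon:/sbin:/bin/false
"""

def classify_field(pw):
    """Label the second field of a passwd entry."""
    if pw == "x":
        return "shadowed"            # hash lives in /etc/shadow
    if pw == "":
        return "empty"               # no password set at all
    if pw[0] in "*!":
        return "locked"              # conventional marker for a disabled login
    if pw.startswith("$1$"):
        return "md5-in-passwd"       # MD5-crypt hash, still world readable
    if re.fullmatch(r"[./0-9A-Za-z]{13}", pw):
        return "des-in-passwd"       # traditional 13-character crypt(3) hash
    return "unknown-in-passwd"       # some other value stored in the open

def audit_passwd(text):
    """Map each account name to the label for its password field."""
    results = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) != 7:         # passwd entries have exactly 7 fields
            results["<line %d>" % lineno] = "malformed"
            continue
        results[fields[0]] = classify_field(fields[1])
    return results

def exposed_accounts(results):
    """Accounts whose password field is usable from the world-readable file."""
    return sorted(u for u, s in results.items()
                  if s.endswith("-in-passwd") or s == "empty")

if __name__ == "__main__":
    report = audit_passwd(SAMPLE_PASSWD)
    for user, status in report.items():
        print("%-8s %s" % (user, status))
    print("exposed:", exposed_accounts(report))
```

On a converted system every account should come back as shadowed or locked; to audit a live host, pass the contents of /etc/passwd to audit_passwd() instead of the sample.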


