Design
Systems administrators can reduce the likelihood of brute force attacks by making the list of hashed passwords unreadable by unprivileged users. The obvious way to do this is to make the passwd database itself readable only by the root user. However, this would restrict access to other data in the file such as username-to-userid mappings, which would break many existing utilities and provisions. One solution is a "shadow" password file to hold the password hashes separate from the other data in the world-readable passwd file. For local files, this is usually /etc/shadow on Linux and Unix systems, or /etc/master.passwd on BSD systems; each is readable only by root. (Root access to the data is considered acceptable since on systems with the traditional "all-powerful root" security model, the root user would be able to obtain the information in other ways in any case). Virtually all recent Unix-like operating systems use shadowed passwords.
The shadow password file does not entirely solve the problem of attacker access to hashed passwords, as some network authentication schemes operate by transmitting the hashed password over the network (sometimes in cleartext, e.g., Telnet ), making it vulnerable to interception. Copies of system data, such as system backups written to tape or optical media, can also become a means for illicitly obtaining hashed passwords. In addition, the functions used by legitimate password-checking programs need to be written in such a way that malicious programs cannot make large numbers of authentication checks at high rates of speed.
Read more about this topic: Shadow (file)
Famous quotes containing the word design:
“With wonderful art he grinds into paint for his picture all his moods and experiences, so that all his forces may be brought to the encounter. Apparently writing without a particular design or responsibility, setting down his soliloquies from time to time, taking advantage of all his humors, when at length the hour comes to declare himself, he puts down in plain English, without quotation marks, what he, Thomas Carlyle, is ready to defend in the face of the world.”
—Henry David Thoreau (1817–1862)
“Delay always breeds danger; and to protract a great design is often to ruin it.”
—Miguel De Cervantes (1547–1616)
“If I commit suicide, it will not be to destroy myself but to put myself back together again. Suicide will be for me only one means of violently reconquering myself, of brutally invading my being, of anticipating the unpredictable approaches of God. By suicide, I reintroduce my design in nature, I shall for the first time give things the shape of my will.”
—Antonin Artaud (1896–1948)