Cool.  I knew there was something about this out there.  Thanks for clearing
it up.

Jay

-----Original Message-----
From: tclug-list-admin at mn-linux.org
[mailto:tclug-list-admin at mn-linux.org] On Behalf Of Dave Sherohman
Sent: Thursday, July 05, 2001 2:22 PM
To: tclug-list at mn-linux.org
Subject: Re: [TCLUG] Distro Switching - What files to back up?


On Thu, Jul 05, 2001 at 12:33:19PM -0500, Jay Kline wrote:
> Someone correct me if I am wrong, but doesn't the crypt() function do some
> seeding which will not allow the same shadow file to exist on more than
> one machine (or 2 different installs on the same machine)?  I could be way off
> in left field on this, but I thought that was part of the reason shadow
> was more secure.

You're wrong.  If you were correct, NIS and shadow couldn't work
together, but they get along just fine.

What you're probably thinking of is "salt".  It's a pair of
characters fed into crypt() along with the password which modifies
the result.  Password implementations that use salt typically
include it as the first two characters of the password hash, so that
it will be available when the password is checked.

(It may seem pointless to use salt if you're just going to tell the
world what salt you added, but it isn't.  Without salt, a dictionary
attack could just run "secret" through crypt and check the resulting
hash against the entire password database to see whether anyone had
it as their password.  With salt, the attacker needs to re-crypt
candidate passwords for each user (or group of users with the same
salt), which prevents him from obtaining any economies of scale by
choosing to brute-force a larger password file.)
_______________________________________________
tclug-list mailing list
tclug-list at mn-linux.org
https://mailman.mn-linux.org/mailman/listinfo/tclug-list
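As an added example (not from either poster), here is a small Python model of the scheme Dave describes: a two-character salt stored as the first two characters of the hash and recovered from there at check time, so a shadow entry verifies on any machine. SHA-256 stands in for the DES-based crypt(3) (an assumption, so the code runs without the deprecated crypt module); the shadow entries and word list are constructed.

```python
import hashlib
import secrets
import string

# Traditional crypt(3) salt alphabet: 64 characters, two used per salt.
SALT_ALPHABET = string.ascii_letters + string.digits + "./"


def make_salt() -> str:
    """Pick a random two-character salt from the crypt() alphabet."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(2))


def crypt_like(password: str, salt: str) -> str:
    """Stand-in for crypt(3): salt followed by a hash of salt+password.

    SHA-256 replaces the DES-based algorithm only so the example runs
    anywhere (assumption); the salt-prefix convention is the real one.
    """
    if len(salt) != 2 or any(c not in SALT_ALPHABET for c in salt):
        raise ValueError("salt must be two characters from the crypt alphabet")
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return salt + digest


def check_password(candidate: str, stored: str) -> bool:
    """Recover the salt from the stored hash's first two characters and
    re-run crypt with it; no per-machine secret is involved, which is why
    the same shadow file works on several hosts (and under NIS)."""
    salt = stored[:2]
    return secrets.compare_digest(crypt_like(candidate, salt), stored)


def guesses_needed(shadow: dict, wordlist: list) -> int:
    """crypt() calls needed to test every word against every entry.

    Without salt every user shares one salt, so each word is hashed once
    for the whole file; with distinct salts the work multiplies, which is
    the economy of scale the post says salt denies the attacker."""
    salts = {h[:2] for h in shadow.values()}
    return len(wordlist) * len(salts)


if __name__ == "__main__":
    # Constructed shadow entries: two installs, same password, different salts.
    host_a = crypt_like("secret", make_salt())
    host_b = crypt_like("secret", make_salt())
    print(host_a != host_b, check_password("secret", host_a),
          check_password("secret", host_b))
```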