Shadow Passwords
By: Cygnus - Necromancer
In general, the "Shadow Password" technique can be outlined as follows:
For every entry in the '/etc/passwd' file, the encrypted password is moved to another file, such as '/etc/shadow'.
While '/etc/passwd' can be read by everyone on the system, '/etc/shadow' can only be read by the group concerned, or perhaps only by the superuser. This is necessary to keep the list of encrypted passwords from being solved by a dictionary program.
The idea of "information hiding" is one of many techniques in the category "Security through Obscurity". Within the Linux community there are 2 opinions on "Security through Obscurity", namely:
1. "It can help and cannot do harm, so let us use it"
2. "In fact it can do harm, because it creates a false sense of security, and should not be used"
Many people will speak to the benefits of shadow passwords, so here the drawbacks of shadow passwords are raised. The main assumption people make when they use a shadow password system is that it guarantees that no one without the rights will be able to see the password list.
But one way or another, people can make mistakes that release the list. Perhaps an adversary who gained root access earlier, with the sysadmin's "work" coming at the right time, will be able to obtain the information he needs. The adversary may not have enough time to install a "backdoor" program, but he can still grab the password file.
Or someone makes an error in the permission settings of '/etc/shadow', or runs the command "chmod a+r /etc/*" without thinking about the effect on '/etc/shadow'.
Or another possibility is a security problem that is only corrected after a "CERT advisory"; this too will leave the password list readable by anyone! And there are many ways to release the contents of '/etc/shadow', even for an experienced sysadmin.
The problem with using a system such as the shadow password system is that it provides a false sense of security. In this case, people will think that the password list is secure and protected. This often makes sysadmins too lazy to use methods that are superior and more pro-active to protect their password files.
The easiest and cheapest pro-active method is to swap out the passwd program. No other part of the system is changed; just replace '/bin/passwd'. There are several utility programs that replace the default UNIX passwd, such as "Matt Bishop's passwd" from dartmouth.edu:/pub/security and "Mark Henderson's ANLpasswd" from info.mcs.anl.gov:/pub/systems.
Basically, each time a password is changed, these programs first compare it against a dictionary (and against the gecos field), which is similar to the way a cracker program works. When users choose a "weak" password, the pro-active program forces them to choose a different password.
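A minimal sketch of the pro-active check described above, added here as an illustration; it is not code from Matt Bishop's passwd or ANLpasswd. The function names, the sample word list, the sample passwd entry and the minimum length are assumptions made for the example.

```python
import re

# Constructed sample data; a real checker would load a large word list.
SAMPLE_DICTIONARY = {"password", "dragon", "susan", "letmein", "12345678"}
SAMPLE_ENTRY = "asmith:x:1001:1001:Alice Smith,Room 12,555-0100:/home/asmith:/bin/sh"

def _letters(s):
    """Lower-case and keep letters only, so 'Susan1999' reduces to 'susan'."""
    return re.sub(r"[^a-z]", "", s.lower())

def gecos_tokens(passwd_line):
    """Return the login name and gecos words of one passwd(5) entry."""
    fields = passwd_line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("not a passwd(5) entry")
    login, gecos = fields[0], fields[4]
    words = re.split(r"[\s,]+", gecos)
    # Ignore fragments shorter than 3 letters (room numbers, initials).
    return {t for t in map(_letters, [login, *words]) if len(t) >= 3}

def check_password(candidate, passwd_line,
                   dictionary=SAMPLE_DICTIONARY, min_len=8):
    """Return the reasons to reject a new password; an empty list accepts it."""
    reasons = []
    if len(candidate) < min_len:  # assumed policy value, not from the article
        reasons.append("too short")
    raw, core = candidate.lower(), _letters(candidate)
    # Test the password as typed, stripped to letters, and both reversed,
    # the same simple guesses a cracker program tries first.
    variants = {raw, raw[::-1], core, core[::-1]} - {""}
    if any(v in dictionary for v in variants):
        reasons.append("dictionary word")
    personal = gecos_tokens(passwd_line)
    if any(tok in v for tok in personal for v in variants):
        reasons.append("derived from account information")
    return reasons
```

A replacement passwd program would call check_password() before storing the new hash and refuse the change while the returned list is non-empty.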
Without a pro-active program, we must also worry about attacks by cracker programs (research over more than 15 years shows that, without a pro-active program, most users choose easy passwords that can be broken by Crack, often a woman's first name). When the system relies on shadow passwords to secure our passwords, the '/etc/shadow' file is guaranteed to be vulnerable.
However, when using a pro-active password checker, we could expose the password list to the outside world without being vulnerable. Forcing users to change their passwords regularly will also reduce the chance of security being compromised.