[ILUG] Security (Telnet vulnerability & Password cracking)
phil at redbrick.dcu.ie
Thu May 10 15:07:59 IST 2001
John A. Kinsella's [John.Kinsella at ul.ie] 35 lines of wisdom included:
> 2) Is my Linux passwd file really vulnerable to a password cracker
> (not a dictionary attack, but genuine decryption)? Presumably this doesn't
> matter if I use ssh?...
It depends what form of encryption your Linux passwd file uses, md5
is much harded to crack for example than DES. DES is the old UNIX
encryption standard, however Linux supports this form of password
encrpytion for compatibility with older systems.
SSH is nothing to do with the passwd file on your system, SSH
basically lessens the chance of people sniffing your network traffic
and finding out your password when you're sending it over the
The way the normal login process works is that, you send your
username and password and they are then encrypted once they get to
the server, however in the inbetween, your password (if you are
using a protocol such as telnet) is sent in plaintext. If people are
watching/monitoring network traffic, your password can be seen.
If you're using a Linux machine, you should install the shadow
package, so that there are basically two password files
/etc/shadow and /etc/passwd ..
/etc/shadow is a file that contains the encrypted password and is
readable only by root, while, /etc/passwd is readable by everyone
and does not contain the password, merely an "x" where the password
field is, donating the password is shadowed.
More information about the ILUG