On modern linux there is a difference: the passwd file is world-readable and contains the usernames, groups, shells, homes, etc. But the hashes are stored in the shadow file, which is only readable by root. -rw-r--r-- 1 root root 1838 2007-07-26 07:50 /etc/passwd -rw------- 1 root root 2072 2007-08-12 16:09 /etc/shadow
Should we s/encrypted/hashed ? MD5 or SHA1 aren't encryption.
--Stereo 10:21, 2005 May 2 (UTC)
The encryption used by UNIX systems isn't an encryption in the sense that there is an available decryption. It's a one-way hash which just so happens to use a modified DES encryption to do the work. This isn't relevant to shadowed passwords alone as all UNIX-compatible systems use the same scheme. So ... perhaps a discussion of UNIX-compatible password encryptions belongs somewhere else?
Anyone interested in a history of Linux password shadowing? Would that be a nice addition?
Tall Girl 18:51, 10 February 2006 (UTC)
Yes, that would be very nice. --Stereo 12:13, 14 February 2006 (UTC)
Doesn't this mean that anyone can obtain a full list of user accounts under Unix, plus any other information available, like default group, full name, password expiration etc? This data isn't half as sensitive as the password hashes, of course, but it still seems uncomfortably useful to an attacker. Is this data shadowed as well or world-readable? The latter seems to violate the principle of least privilege. 126.96.36.199 17:36, 23 April 2007 (UTC)
- Slightly off-topic, but the /etc/passwd file is not always used. This can be replaced (via PAM, for example) by an LDAP or (My)SQL server. This then alleviates the task of authentication from /etc/passwd to a more fine-tunable database with per-user access. Of course the problem then is that every user still have a homedirectory which (usually) reflects their username. But this too can be prevented by auto-mounting user homedirs on login and auto-dismounting them after logout. NoobX 09:16, 11 September 2007 (UTC)
- There are a myriad of ways to remove the user ID information from the system, with the oldest in the UNIX domain being "NIS" (formerly "Yellow Pages") from Sun Microsystems. There's also a method that's patent pending where the user ID used to sign in has no relationship to the user ID that the user is known by. The objective of that invention is that user "tallgirl" does not authenticate to the system using "tallgirl", but rather as a name which they (me) are able to change, and which is not otherwise available. As for violating least-privilege by allowing user information to be freely available, least privilege doesn't determine if something should or shouldn't be concealed, it only applies to the amount of privilege a process must have, at the absolute minimum, to perform its tasks. Tall Girl (talk) 03:01, 13 December 2008 (UTC)
Blowfish a cipher, not a hash
Should the title of this page really be "Shadow password", instead of something like "shadow (file)" (in line with passwd (file))? As far as I can see, this article is not about shadow passwords, but is instead about the shadow password database. — cdwn 21:07, 4 October 2012 (UTC)