Wednesday, January 13, 2010

How to protect your Linux ? password

Goal: In this article, we will check that your password are present in the good file and we will test the strength of your password.


Step 1 : Be sure that your password are in the correct file

If you open /etc/passwd, they should be like that
:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false

daemon:x:2:2:daemon:/sbin:/bin/false

adm:x:3:4:adm:/var/adm:/bin/false

toto:x:500:100::/home/damitux:/bin/bash



The "x" confirms that password are in other file : /etc/shadow.If you didn't see x but some strange characters, you have to use pwconv.


Note : The format of this file is username:password:userid:groupeid:account_name:user_directory:shell


It's /etc/shadow which contents password :

root:$6$/oxwgEtd$8qxL1XfoR5QW7xtduZyaopknIV6ETEBj5fDvGjdPvDO3TYlTRQOQkYvWrJoiPtyjYfYYkgLyJHpT6oq0nAvef.:14583:0:::::

bin:!!:9797:0:::::

daemon:!!:9797:0:::::

toto:$1$u1fuA5jK$wZFULlHT/Sd8FhBv9GZhi1:14213:0:::::0



You can see severeal fields but only two interest us :
- First field contents the user name.

- The second contents the password.


You can note that password begin with $chiffre$.It permits to say which encryption is used :

SHA-512 == $6$

MD5 == $1$

SHA-256 == $5$



Etape 2 : Check password strength

To test your password, you can use John the ripper


emerge app-crypt/johntheripper

unshadow /etc/passwd /etc/shadow > testpwdmd5

john --show testpwdmd5



Note :
- You have to hit enter to check what it's doing.
- When it finishs it writes you user and password if it finds it.
- It will not search root password because the encryption of it is
$6$ SHA-512.So you have to look on web site JohnTheRipper if there are patchs.

No comments:

Post a Comment