Encryption and Authentication

Originally, all Linux (and UNIX) systems used /etc/passwd to hold the username/password pair needed to authenticate a user and permit access. The password was saved as a DES (Data Encryption Standard) hash to prevent anyone from reading the actual password. The DES hash occupies a 13-character field, the first two characters of which act as the salt for the DES algorithm.

The salt acts as a random number passed to the encrypting algorithm. Each salt will produce a different encryption for a particular password, so even if 100 users choose the same (obviously bad) password, examining the encrypted field would not make this apparent as long as each had a different salt. (Microsoft does not use this approach, so examining the encrypted ...
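The field layout described above can be checked mechanically. The following audit sketch is an added example, not code from the book: it finds legacy 13-character DES fields in passwd-format text, splits off the two-character salt, and reports accounts whose entire field is identical (same salt and same password). The account names and hash strings are constructed placeholders, and `audit_passwd` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Traditional crypt(3) DES field: 13 characters from [./0-9A-Za-z];
# the first two are the salt, the remaining eleven encode the hash.
DES_FIELD = re.compile(r"[./0-9A-Za-z]{13}")

# Constructed sample in /etc/passwd layout. The hash fields are format-valid
# placeholders, not real hashes of any password.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:abCONSTRUCTED:1000:1000::/home/alice:/bin/sh
bob:QzPLACEHOLDER:1001:1001::/home/bob:/bin/sh
carol:abCONSTRUCTED:1002:1002::/home/carol:/bin/sh
dave:*:1003:1003::/home/dave:/bin/false
"""

def audit_passwd(text):
    """Return (des_accounts, shared) for passwd-format text.

    des_accounts maps username -> (salt, hash_part) for legacy DES fields.
    shared lists groups of usernames whose whole field is identical, which
    means the same salt and the same password.
    """
    des_accounts = {}
    by_field = defaultdict(list)
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 7:
            continue  # malformed or blank line
        user, field = parts[0], parts[1]
        if DES_FIELD.fullmatch(field):
            des_accounts[user] = (field[:2], field[2:])
            by_field[field].append(user)
    shared = [sorted(users) for users in by_field.values() if len(users) > 1]
    return des_accounts, shared

if __name__ == "__main__":
    accounts, shared = audit_passwd(SAMPLE_PASSWD)
    for user, (salt, _) in accounts.items():
        print(f"{user}: legacy DES hash in passwd, salt={salt!r}")
    for group in shared:
        print("identical salt and hash:", ", ".join(group))
```

Fields such as `x` or `*` are skipped because they do not match the 13-character pattern.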
