Hi
I read the following artivle
http://www.securityfocus.com/news/11355/2
which has prompted me to reconsider my security setup, it is a home
system but with open ssh ports and similar.
My specific question is this - What method/cryptography is used to
create the passwd hash under PAM ie. is it vunerable to rainbow type
hash tables.
-----snip---- ^^ article
RainbowCrack Online will offer 11 tables covering six different hash
algorithms, including LanMan, MD5, MySQL 323, and SHA-1
-----snip-----
now that said it is quite possible that I have got the wrong end of
the stick so to speak, ie. I know that PAM handles login etc but is it
PAM that generates the hash of my chosen password?
If so can I expand my question to ask what program and further what
algorithm is used to do this task.
This is for my system of course but I guess the principle can be
applied to many systems.
EDIT
As I was writing this I checked man passwd which seems to have
answered my question on the whole
---snip---
The UNIX System encryption
method is based on the NBS DES algorithm and is very secure.
---snip---
I have left my earlier question [more or less answered] just for some
confirmation, but the new point is -
Does the "NBS DES algorithm" come under the "salt" method? and is it
therefore immune to attacks of the hash table variety?
regards
stuart
ps. I know the above is a little disjointed but I am stumbling in the
dark a little here.
--
"There are 10 types of people in this world: those who understand
binary, those who don't"
--Unknown
--
gentoo-security@gentoo.org mailing list
I read the following artivle
http://www.securityfocus.com/news/11355/2
which has prompted me to reconsider my security setup, it is a home
system but with open ssh ports and similar.
My specific question is this - What method/cryptography is used to
create the passwd hash under PAM ie. is it vunerable to rainbow type
hash tables.
-----snip---- ^^ article
RainbowCrack Online will offer 11 tables covering six different hash
algorithms, including LanMan, MD5, MySQL 323, and SHA-1
-----snip-----
now that said it is quite possible that I have got the wrong end of
the stick so to speak, ie. I know that PAM handles login etc but is it
PAM that generates the hash of my chosen password?
If so can I expand my question to ask what program and further what
algorithm is used to do this task.
This is for my system of course but I guess the principle can be
applied to many systems.
EDIT
As I was writing this I checked man passwd which seems to have
answered my question on the whole
---snip---
The UNIX System encryption
method is based on the NBS DES algorithm and is very secure.
---snip---
I have left my earlier question [more or less answered] just for some
confirmation, but the new point is -
Does the "NBS DES algorithm" come under the "salt" method? and is it
therefore immune to attacks of the hash table variety?
regards
stuart
ps. I know the above is a little disjointed but I am stumbling in the
dark a little here.
--
"There are 10 types of people in this world: those who understand
binary, those who don't"
--Unknown
--
gentoo-security@gentoo.org mailing list