Shadow password
Encyclopedia
In computing
, Unix-like
operating systems use the shadow password database mechanism to increase the security level of passwords by restricting all but highly privileged users' access to encrypted password data. Typically, that data is kept in files owned by and accessible only by the super user
(i.e., on Unix-like systems, the root user, and on many others, the administrator account).
and Unix systems, or /etc/master.passwd on BSD systems; each is readable only by root. (Root access to the data is considered acceptable since on systems with the traditional "all-powerful root" security model, the root user would be able to obtain the information in other ways in any case). Virtually all recent Unix-like
operating systems use shadowed passwords.
holds the following user information for each user account:
The passwd
file is readable by all users so that name service switch can work (e.g., to ensure that user names are shown when the user lists the contents of a folder), but only the root user can write to it. This means that an attacker with unprivileged access to the system can obtain the hashed form of every user's password. Those values can be used to mount a brute force attack
offline, testing possible passwords against the hashed passwords relatively quickly without alerting system security arrangements designed to detect an abnormal number of failed login
attempts. Users often select passwords vulnerable to such password cracking
techniques.
With a shadowed password scheme in use, the /etc/passwd file typically shows a character such as '*', or 'x' in the password field for each user instead of the hashed password, and /etc/shadow usually contains the following user information:
While the most important information in the shadow file consists of the salt and the hashed password, the file usually contains other fields as well, such as the last time the password was changed, when the password will expire, and whether the account is disabled. The format of the shadow file is simple, and basically identical to that of the password file, to wit, one line per user, ordered fields on each line, and fields separated by colons. Many systems require the order of user lines in the shadow file be identical to the order of the corresponding users in the password file.
To modify the contents of the shadow file on most systems, users generally invoke the passwd program, which in turn largely depends on PAM
. For example, the type of hash used is dictated by the configuration of the pam_unix.so module. By default, the MD5
hash has been used, while current modules are also capable of stronger hashes such as blowfish
, SHA256 and SHA512.
Note that the shadow password file does not entirely solve the problem of attacker access to hashed passwords, as some network authentication schemes operate by transmitting the encrypted password over the network (sometimes in cleartext), making it vulnerable to interception. Copies of system data, such as system backups written to tape or optical media, can also become a means for illicitly obtaining hashed passwords. In addition, the functions used by legitimate password-checking programs need to be written in such a way that malicious programs cannot make large numbers of authentication checks at high rates of speed.
System administrators may also arrange for the storage of passwords in distributed databases such as NIS
and LDAP, rather than in files on each connected system. In the case of NIS, the shadow password mechanism is often still used on the NIS servers; in other distributed mechanisms the problem of access to the various user authentication components is handled by the security mechanisms of the underlying data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh, experienced a computer break-in and wrote the initial release of the Shadow Suite containing the
operating system, quickly got ported to other platforms. The Shadow Suite was ported to Linux
in 1992 one year after the original announcement of the Linux project, and was included in many early distributions.
Computing
Computing is usually defined as the activity of using and improving computer hardware and software. It is the computer-specific part of information technology...
, Unix-like
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
operating systems use the shadow password database mechanism to increase the security level of passwords by restricting all but highly privileged users' access to encrypted password data. Typically, that data is kept in files owned by and accessible only by the super user
Superuser
On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor....
(i.e., on Unix-like systems, the root user, and on many others, the administrator account).
Shadowed passwords
Systems administrators can reduce the likelihood of such brute force attacks by making the list of hashed passwords unreadable by unprivileged users. The obvious way to do this is to make thepasswd database itself readable only by the root user. However, this would restrict access to other data in the file such as username-to-userid mappings, which would break many existing utilities and provisions. One solution is a "shadow" password file to hold the password hashes separate from the other data in the world-readable passwd file. For local files, this is usually /etc/shadow on LinuxLinux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
and Unix systems, or /etc/master.passwd on BSD systems; each is readable only by root. (Root access to the data is considered acceptable since on systems with the traditional "all-powerful root" security model, the root user would be able to obtain the information in other ways in any case). Virtually all recent Unix-like
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
operating systems use shadowed passwords.
Unshadowed passwords
On a system without shadowed passwords (typically older Unix systems dating from before 1990 or so), the passwd filePasswd (database)
passwd is a name service database used to store user account information on Unix-like operating systems.The sources for the passwd database are configured, like other name service databases, in nsswitch.conf.-Fetching a specific user entry:For a specific user called 'joe':getent passwd joeFor a...
holds the following user information for each user account:
- UsernameUser (computing)A user is an agent, either a human agent or software agent, who uses a computer or network service. A user often has a user account and is identified by a username , screen name , nickname , or handle, which is derived from the identical Citizen's Band radio term.Users are...
- SaltSalt (cryptography)In cryptography, a salt consists of random bits, creating one of the inputs to a one-way function. The other input is usually a password or passphrase. The output of the one-way function can be stored rather than the password, and still be used for authenticating users. The one-way function...
combined with the current hash of the user's password (usually produced from a cryptographic hash functionCryptographic hash functionA cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value...
) - Password expiration information
- User ID (UIDUser identifier (Unix)Unix-like operating systems identify users within the kernel by an unsigned integer value called a user identifier, often abbreviated to UID or User ID...
) - Default group ID (GIDGroup identifier (Unix)In Unix-like systems, multiple users can be categorized into groups. POSIX and conventional Unix file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks,...
) - Full name
- Home directoryHome directoryA Home directory is a file system directory on a multi-user operating system containing files for a given user of the system. The specifics of the home directory is defined by the operating system involved; for example, Windows systems between 2000 and 2003 keep home directories in a folder...
path - Login shell
The passwd
Passwd (file)
In Unix-like operating systems the /etc/passwd file is a text-based database of information about users that may login to the system or other operating system user identities that own running processes....
file is readable by all users so that name service switch can work (e.g., to ensure that user names are shown when the user lists the contents of a folder), but only the root user can write to it. This means that an attacker with unprivileged access to the system can obtain the hashed form of every user's password. Those values can be used to mount a brute force attack
Brute force attack
In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier...
offline, testing possible passwords against the hashed passwords relatively quickly without alerting system security arrangements designed to detect an abnormal number of failed login
Logging (computer security)
In computer security, a login or logon is the process by which individual access to a computer system is controlled by identifying and authentifying the user referring to credentials presented by the user.A user can log in to a system to obtain access and can then log out or log off In computer...
attempts. Users often select passwords vulnerable to such password cracking
Password cracking
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password...
techniques.
With a shadowed password scheme in use, the /etc/passwd file typically shows a character such as '*', or 'x' in the password field for each user instead of the hashed password, and /etc/shadow usually contains the following user information:
- User login name
- saltSalt (cryptography)In cryptography, a salt consists of random bits, creating one of the inputs to a one-way function. The other input is usually a password or passphrase. The output of the one-way function can be stored rather than the password, and still be used for authenticating users. The one-way function...
and hashed password OR a status exception value e.g.:- "$id$salt$encrypted", where "$id" is the hashing algorithm used (On linux, "$1$" stands for MD5MD5The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
, "$2$" is BlowfishBlowfish (cipher)Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date...
, "$5$" is SHA-256 and "$6$" is SHA-512, crypt(3) manpage, other Unix may have different values, like NetBSD). - "NP" or "!" or null - No password, the account has no password.
- "LK" or "*" - the account is Locked, user will be unable to log-in
- "!!" - the password has expired
- "$id$salt$encrypted", where "$id" is the hashing algorithm used (On linux, "$1$" stands for MD5
- Days since epochUnix timeUnix time, or POSIX time, is a system for describing instants in time, defined as the number of seconds elapsed since midnight Coordinated Universal Time of Thursday, January 1, 1970 , not counting leap seconds, which are declared by the International Earth Rotation and Reference Systems Service...
of last password change - Days until change allowed
- Days before change required
- Days warning for expiration
- Days before account inactive
- Days since Epoch when account expires
- Reserved
While the most important information in the shadow file consists of the salt and the hashed password, the file usually contains other fields as well, such as the last time the password was changed, when the password will expire, and whether the account is disabled. The format of the shadow file is simple, and basically identical to that of the password file, to wit, one line per user, ordered fields on each line, and fields separated by colons. Many systems require the order of user lines in the shadow file be identical to the order of the corresponding users in the password file.
To modify the contents of the shadow file on most systems, users generally invoke the passwd program, which in turn largely depends on PAM
Pluggable Authentication Modules
Pluggable authentication modules are a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface . It allows programs that rely on authentication to be written independent of the underlying authentication scheme...
. For example, the type of hash used is dictated by the configuration of the pam_unix.so module. By default, the MD5
MD5
The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
hash has been used, while current modules are also capable of stronger hashes such as blowfish
Blowfish (cipher)
Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date...
, SHA256 and SHA512.
Note that the shadow password file does not entirely solve the problem of attacker access to hashed passwords, as some network authentication schemes operate by transmitting the encrypted password over the network (sometimes in cleartext), making it vulnerable to interception. Copies of system data, such as system backups written to tape or optical media, can also become a means for illicitly obtaining hashed passwords. In addition, the functions used by legitimate password-checking programs need to be written in such a way that malicious programs cannot make large numbers of authentication checks at high rates of speed.
History
Password shadowing first appeared in UNIX systems with the development of System V Release 3.2 in 1988 and BSD4.3 Reno in 1990. But, vendors who had performed ports from earlier UNIX releases did not always include the new password shadowing features in their releases, leaving users of those systems exposed to password file attacks.System administrators may also arrange for the storage of passwords in distributed databases such as NIS
Network Information Service
The Network Information Service, or NIS is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network...
and LDAP, rather than in files on each connected system. In the case of NIS, the shadow password mechanism is often still used on the NIS servers; in other distributed mechanisms the problem of access to the various user authentication components is handled by the security mechanisms of the underlying data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh, experienced a computer break-in and wrote the initial release of the Shadow Suite containing the
loginLogging (computer security)In computer security, a login or logon is the process by which individual access to a computer system is controlled by identifying and authentifying the user referring to credentials presented by the user.A user can log in to a system to obtain access and can then log out or log off In computer...
, passwdPasswd (command)passwd is a tool on most Unix and Unix-like operating systems used to change a user's password. The password entered by the user is run through a key derivation function to create a hashed version of the new password, which is saved...
and suSu (Unix)The su command, also referred to as super user substitute user, spoof user, set user or switch user, allows a computer operator to change the current user account associated with the running virtual console....
commands. The original release, written for the SCO XenixXenix
Xenix is a version of the Unix operating system, licensed to Microsoft from AT&T in the late 1970s. The Santa Cruz Operation later acquired exclusive rights to the software, and eventually superseded it with SCO UNIX ....
operating system, quickly got ported to other platforms. The Shadow Suite was ported to Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
in 1992 one year after the original announcement of the Linux project, and was included in many early distributions.
See also
- crypt(3) a library function
- Key derivation functionKey derivation functionIn cryptography, a key derivation function derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function...
- Unix securityUnix securityUnix security refers to the means of securing a Unix or Unix-like operating system. A secure environment is achieved not only by the design concepts of these operating systems, but also through vigilant user and administrative practices.- Permissions :...
- vipwVipwvipw is a small computer program which enables a Unix system administrator to comfortably edit the "passwd" and "Shadow password" files. It comes bundled in the "Shadow" software package....
, a utility to edit the password and/or shadow file
External links
- authconfig, a command-line tool for controlling the use of shadow passwords
- An example shadow file, showing the general layout of the file