Results 1 to 6 of 6

Thread: Security of ubuntu login password?

  1. #1
    Join Date
    May 2011
    Beans
    76

    Security of ubuntu login password?

    Dumb question: how secure is the ubuntu login password? It's not stored in a file somewhere for example easily accesible if someone stole my harddrive? I know it can be reset, but I was more worried about the actual password being revealed. Is there little danger aside from a keylogger capturing?

  2. #2
    Join Date
    Nov 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Ubuntu 15.10 Wily Werewolf

    Re: Security of ubuntu login password?

    Ubuntu password will store in Directory where root only can access it. The password will store in a encrypted manner so it will not be in a direct readable text. Even harddisk stolen due to bad luck unless they dont know the encrypted key they cant decrypt text.
    Dont miss anything even it is small. one small pin is enough to bring down a man.


  3. #3
    Join Date
    Apr 2012
    Beans
    6,623

    Re: Security of ubuntu login password?

    The passwords in /etc/shadow are hashed not encrypted - there is no "encrypted key" that decrypts them - see http://en.wikipedia.org/wiki/Cryptog...d_verification for example

    AFAIK the default is salted SHA-512 - see https://wiki.ubuntu.com/Security/Features

  4. #4
    Join Date
    Jul 2008
    Beans
    2,887

    Re: Security of ubuntu login password?

    Still it's easy to by-pass the main account and create a new one.

    When you boot, hold down the Shift key until you get the Grub menu.

    Choose the item (usually the second one) that reads, "Ubuntu, with Linux ... (recovery mode)".

    When it boots, select the option "root -- Drop to root shell prompt".

    You will see a flashing cursor. Type the following and press Enter:

    Code:
    passwd user
    but replace "user" with your username. Type the new password when prompted (twice).

    Then press Ctrl-Alt-Delete to reboot normally.

  5. #5
    Join Date
    Sep 2008
    Location
    Chicago
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Security of ubuntu login password?

    Quote Originally Posted by abexman View Post
    Dumb question: how secure is the ubuntu login password? It's not stored in a file somewhere for example easily accesible if someone stole my harddrive? I know it can be reset, but I was more worried about the actual password being revealed. Is there little danger aside from a keylogger capturing?
    Passwords are hashed according to the equate in ENCRYPT_METHOD in the file /etc/login_defs. Ubuntu 12.04 uses SHA512, which is is regarded as safe in the security community, although no perfect cypher exists except for the one-time pad. Keyloggers are always a threat.
    Last edited by whitesmith; March 15th, 2014 at 04:04 PM.
    In working with *nix...There be dragons. Newcomers: I recommend reading Linux is Not Windows (http://linux.oneandoneis2.org/LNW.htm) and The Linux Command Line (http://www.linuxcommand.org/tlcl.php) before beginning your quest for a better OS.

  6. #6
    Join Date
    Sep 2008
    Location
    Chicago
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Security of ubuntu login password?

    @abexman: If these responses answer your question, please use thread tools to close the thread. Thanks!
    In working with *nix...There be dragons. Newcomers: I recommend reading Linux is Not Windows (http://linux.oneandoneis2.org/LNW.htm) and The Linux Command Line (http://www.linuxcommand.org/tlcl.php) before beginning your quest for a better OS.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •