GCIH · Question #715
Which encryption algorithm was replaced with the introduction of the /etc/shadow file in the Linux OS?
The correct answer is A. DES. Before the /etc/shadow file was introduced, Linux stored password hashes directly in /etc/passwd using DES-based crypt() encryption. The shadow file system replaced this approach to improve security and enable stronger hashing algorithms.
Question
Which encryption algorithm was replaced with the introduction of the /etc/shadow file in the Linux OS?
Options
- ADES
- BMD5
- CSHA-256
- DBlowfish
How the community answered
(34 responses)- A88% (30)
- B6% (2)
- C3% (1)
- D3% (1)
Why each option
Before the /etc/shadow file was introduced, Linux stored password hashes directly in /etc/passwd using DES-based crypt() encryption. The shadow file system replaced this approach to improve security and enable stronger hashing algorithms.
The original Unix password hashing used the crypt() function based on DES, and hashes were stored world-readable in /etc/passwd. The introduction of /etc/shadow moved password hashes to a root-readable-only file, replacing the DES-crypt scheme and enabling support for stronger algorithms such as MD5 and later SHA-256 and bcrypt. DES is therefore the algorithm that was in use prior to and replaced by the shadow file infrastructure.
MD5 was adopted as a password hashing option after /etc/shadow was introduced, not before it - it represents a successor algorithm enabled by the shadow file system, not the one it replaced.
SHA-256 is a modern hashing algorithm that was incorporated into Linux PAM and shadow utilities long after /etc/shadow already existed, making it a later improvement rather than a predecessor.
Blowfish-based bcrypt is a relatively modern password hashing scheme that became available as an option in shadow-compatible systems, not the legacy algorithm that shadow replaced.
Concept tested: Linux /etc/shadow DES password hash replacement
Source: https://www.man7.org/linux/man-pages/man5/shadow.5.html
Topics
Community Discussion
No community discussion yet for this question.