nerdexam
GIAC

GCIH · Question #715

Which encryption algorithm was replaced with the introduction of the /etc/shadow file in the Linux OS?

The correct answer is A. DES. Before the /etc/shadow file was introduced, Linux stored password hashes directly in /etc/passwd using DES-based crypt() encryption. The shadow file system replaced this approach to improve security and enable stronger hashing algorithms.

Vulnerability Exploitation & Privilege Escalation

Question

Which encryption algorithm was replaced with the introduction of the /etc/shadow file in the Linux OS?

Options

  • ADES
  • BMD5
  • CSHA-256
  • DBlowfish

How the community answered

(34 responses)
  • A
    88% (30)
  • B
    6% (2)
  • C
    3% (1)
  • D
    3% (1)

Why each option

Before the /etc/shadow file was introduced, Linux stored password hashes directly in /etc/passwd using DES-based crypt() encryption. The shadow file system replaced this approach to improve security and enable stronger hashing algorithms.

ADESCorrect

The original Unix password hashing used the crypt() function based on DES, and hashes were stored world-readable in /etc/passwd. The introduction of /etc/shadow moved password hashes to a root-readable-only file, replacing the DES-crypt scheme and enabling support for stronger algorithms such as MD5 and later SHA-256 and bcrypt. DES is therefore the algorithm that was in use prior to and replaced by the shadow file infrastructure.

BMD5

MD5 was adopted as a password hashing option after /etc/shadow was introduced, not before it - it represents a successor algorithm enabled by the shadow file system, not the one it replaced.

CSHA-256

SHA-256 is a modern hashing algorithm that was incorporated into Linux PAM and shadow utilities long after /etc/shadow already existed, making it a later improvement rather than a predecessor.

DBlowfish

Blowfish-based bcrypt is a relatively modern password hashing scheme that became available as an option in shadow-compatible systems, not the legacy algorithm that shadow replaced.

Concept tested: Linux /etc/shadow DES password hash replacement

Source: https://www.man7.org/linux/man-pages/man5/shadow.5.html

Topics

#DES#/etc/shadow#Linux password history#cryptography

Community Discussion

No community discussion yet for this question.

Full GCIH Practice