LX0-104 · Question #489
Why is /etc/shadow not world readable if the passwords are stored in an encrypted fashion?
The correct answer is A. The encrypted passwords are still subject to brute force attacks.. The /etc/shadow file is not world-readable because even encrypted password hashes are vulnerable to offline brute-force and dictionary attacks if an unauthorized user gains access to them.
Question
Options
- AThe encrypted passwords are still subject to brute force attacks.
- BThis is just for historical reasons.
- CThere is other information in the file that needs to be kept secret.
- DThe passwords can be decrypted by anyone with root access.
How the community answered
(38 responses)- A89% (34)
- B5% (2)
- C3% (1)
- D3% (1)
Why each option
The /etc/shadow file is not world-readable because even encrypted password hashes are vulnerable to offline brute-force and dictionary attacks if an unauthorized user gains access to them.
Although passwords are stored as hashes in /etc/shadow, not reversible encryption, these hashes can still be subjected to offline brute-force or dictionary attacks if an attacker obtains the file. Restricting read access to root prevents non-privileged users from attempting to crack password hashes, thus enhancing system security.
The restricted permissions of /etc/shadow are a fundamental security measure based on current best practices, not merely a historical artifact.
While /etc/shadow does contain other sensitive information like account expiration dates, the primary reason for its strict permissions is to protect the password hashes themselves from cracking attempts.
Password hashes cannot be "decrypted" in the traditional sense, even by root; root can reset or change passwords, but not retrieve the original plaintext password from its hash.
Concept tested: /etc/shadow security importance
Source: https://man7.org/linux/man-pages/man5/shadow.5.html
Topics
Community Discussion
No community discussion yet for this question.