You are not logged in.

#1 2012-05-21 17:09:21

Kitkin15
Member
Registered: 2012-05-18
Posts: 76

Test with my Shadow File

So a few weeks back i watched a episode of Hac5, and i saw them move a SAM file from a Windows computer to a USB, and make the computer search on that USB for the password. Then they did the same thing with the Shadow file on Linux

So heres what i want to do:

Idea: Move my Shadow file to a microSD adapter, when i leave my computer pull the micro SD card out and put it in another location

Exacution: I need to know what file to edit that would allow me to tell the OS to look on the SD card
For example we will use: /media/sdba1/.shadow as the location for the Shadow file on the SD card. Though this is not the true location, this is just an example smile


This might seem stupid to some, but i want to test out and see if this is actually better for security reasons.

  ~Kitkin15

Last edited by Kitkin15 (2012-05-21 17:17:26)


~Kitkin15
I hate systemd. <3 initscripts <3

Offline

#2 2012-05-21 17:25:57

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: Test with my Shadow File

What are you trying to do? Why?
You do realize that the password field is a crypytographic hash of the original passweord -- the original password cannot be reconstructed.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#3 2012-05-21 17:49:28

grim
Member
Registered: 2012-02-15
Posts: 41

Re: Test with my Shadow File

I think he wants to have a portable shadow file, so only the one yielding the card can log in to that system.
Kitkin15, just look into drive encryption tools like truecrypt and whatnot, way better than what you're thinking about now.

Offline

#4 2012-05-21 18:58:20

Kitkin15
Member
Registered: 2012-05-18
Posts: 76

Re: Test with my Shadow File

grim wrote:

I think he wants to have a portable shadow file, so only the one yielding the card can log in to that system.
Kitkin15, just look into drive encryption tools like truecrypt and whatnot, way better than what you're thinking about now.

Exactly what im trying to do, i will be using TrueCrypt to encrypt my hdd and other drives after i test this out though. I want to see how my system will act to this kind of a change.


When you log into your computer it asks for your information, which would my /home/username/.password which then will grab your password from /home/username/.shadow. (If i am correct)

I want the .password file to continue to look for the shadow file, but to search for it in the location i stated above.

It might not seem like the best idea, but i want to have some fun smile

  ~Kitkin15


~Kitkin15
I hate systemd. <3 initscripts <3

Offline

#5 2012-05-21 19:20:40

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: Test with my Shadow File

Okay, I thought we might be trying to try and generate a hash collision off-line.  If so, I was going to get my moderator hammer out smile


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#6 2012-05-21 21:01:38

Kitkin15
Member
Registered: 2012-05-18
Posts: 76

Re: Test with my Shadow File

ewaller wrote:

Okay, I thought we might be trying to try and generate a hash collision off-line.  If so, I was going to get my moderator hammer out smile


Lol naw, i just want to play around and test this out, i actually think it would be a good idea. I mean if the computer knows theres a password, yet it cant find where its saved at (Because the SD card has been taken out) Then there is no way to brute force the password.... Because you cant crack whats not there big_smile At least thats the idea, and thats what i want to do. I want to do this on my 2nd hdd and make a password list that would contain the password on the system, and see if its still able to crack even though the password is no longer on the device, and if any errors come up i want to know which errors they are.

If this is successful and it does prove to be uncrackable, then i want to try and do the same with an encrypted HDD thats encrypted with Truecrypt, which will take much longer then this.

If you were to successfully do this with the Truecrypt and the Shadow passwords, your computer would be (At least for right now) Completely un-crackable. Which would just be awesome, even if you had to reason to make your computer un-crackable, it would be something to brag about lol.

I love Arch, so i want to configure it as much as i can to make it run exactly as i need

Does anyone have any idea on how i could do this? My guess was it would have something to do with .password, and maybe i could try putting the location of the .shadow file instead of the "X" in place of password. I highly doubt that will work, so i want to see if anyone has any other ideas or opinions before i try that

  ~Kitkin15


~Kitkin15
I hate systemd. <3 initscripts <3

Offline

#7 2012-05-22 00:08:51

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: Test with my Shadow File

It seems to me the location of /etc/shadow is hard coded. Look in shadow's source, file lib/defines.h, line 310, for the declaration #define SHADOW_FILE "/etc/shadow".

One idea, symlink. smile

(I haven't checked how the whole pam thing does passwords, someone with better knowledge could fill in.)


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#8 2012-05-22 01:27:01

Smasher816
Member
Registered: 2012-03-15
Posts: 32
Website

Re: Test with my Shadow File


(Arch) Linux is user friendly, its just very selective of its friends

Offline

#9 2012-05-22 11:34:19

Kitkin15
Member
Registered: 2012-05-18
Posts: 76

Re: Test with my Shadow File

Ok that looks like enough for me to test this out big_smile

Ill post back when i set it up with how i did it, and if it worked or not, i should post back in a day or so smile

  ~Kitkin15


~Kitkin15
I hate systemd. <3 initscripts <3

Offline

#10 2012-05-22 17:38:51

JBorneu
Member
Registered: 2011-04-02
Posts: 5

Re: Test with my Shadow File

The problem with your "portable shadow file" is that it's security by obscurity. Physical access still grants total control of your computer to whoever bothers. The only thing that changes is that the attacker now has to create a shadow file with blank password hash values instead of delete the password hashes.

It's slightly more work, but the problem is still the same: when an attacker has physical access to a machine, the only defense you have left is full-disk encryption.

Offline

#11 2012-05-22 17:52:49

Kitkin15
Member
Registered: 2012-05-18
Posts: 76

Re: Test with my Shadow File

JBorneu wrote:

The problem with your "portable shadow file" is that it's security by obscurity. Physical access still grants total control of your computer to whoever bothers. The only thing that changes is that the attacker now has to create a shadow file with blank password hash values instead of delete the password hashes.

It's slightly more work, but the problem is still the same: when an attacker has physical access to a machine, the only defense you have left is full-disk encryption.


Lol that is completely true, but i was using encryption, and didnt have the portable shadow file, though you might not be able to break the encryption, you can still bruteforce the password.

As of right now my hdd is not encrypted, only because if this goes badly i want to have access to my computer to copy the backup .shadow just so i can fix the problem.

After this i will end up backing everything up and reinstalling arch (Or make a Ghost file) So i can encrypt my hdd, im not sure how to encrypt it on Arch, but im sure ill find a way lol


~Kitkin15
I hate systemd. <3 initscripts <3

Offline

#12 2012-05-22 19:43:58

JBorneu
Member
Registered: 2011-04-02
Posts: 5

Re: Test with my Shadow File

Kitkin15 wrote:

So i can encrypt my hdd, im not sure how to encrypt it on Arch, but im sure ill find a way lol


This is what you need: https://wiki.archlinux.org/index.php/Sy … _with_LUKS

BTW: A strong password is a passphrase. 8 words is much easier to remember than 8 random characters and it is much harder to brute force. Also, you can use a password and a keyfile on a thumbdrive for your encrypted system drive, that way an attacker would need both something you know (the passphrase) and something you have (the keyfile on thumbdrive / SD card / whatever) to get in.

Offline

#13 2012-05-22 22:41:15

Kitkin15
Member
Registered: 2012-05-18
Posts: 76

Re: Test with my Shadow File

JBorneu wrote:
Kitkin15 wrote:

So i can encrypt my hdd, im not sure how to encrypt it on Arch, but im sure ill find a way lol


This is what you need: https://wiki.archlinux.org/index.php/Sy … _with_LUKS

BTW: A strong password is a passphrase. 8 words is much easier to remember than 8 random characters and it is much harder to brute force. Also, you can use a password and a keyfile on a thumbdrive for your encrypted system drive, that way an attacker would need both something you know (the passphrase) and something you have (the keyfile on thumbdrive / SD card / whatever) to get in.

<3

Awesome, i had alot of trouble finding a way to encrypt it lol. It does seem like a very long process, but its definetly worth doing. Ill do this after i get my computer set up a bit more, then ill back all my partitions up and continue with encrypting smile


~Kitkin15
I hate systemd. <3 initscripts <3

Offline

Board footer

Powered by FluxBB