Sunday, January 27, 2013

UNIX password scheme

In most computer security contexts, user authentication is the fundamental building block and the primary line of defense. User authentication is the basis for most types of access control and for user accountability.

Hashed passwords are widely used in UNIX-like operating systems: UNIX stores a hash of the password combined with a salt value. This password scheme is completely different from that of Windows-like operating systems. Windows only encrypts passwords rather than salting and hashing them as UNIX does, which is why Windows does not have as powerful an authentication scheme. The UNIX password scheme is explained below, and Fig. 1 shows it.

To load a new password into the system, the user first selects the new password. This password is combined with a salt value. Salt values are of fixed length and can be derived from anything, such as the time or date, but the latest implementations use a random number as the salt value.

The password and salt value are given as input to the hash algorithm, which produces a fixed-length hash value. The hash value is then stored together with a plaintext copy of the salt value in the password file, in the entry for the corresponding user ID.

Fig. 1: UNIX password scheme

When a user attempts to log on to a UNIX system, the user provides an ID and a password. The operating system uses the ID as an index into the password file and retrieves the plaintext salt value and the encrypted (hashed) password. The newly provided password and the stored salt value are given as input to the same algorithm. The algorithm generates an encrypted password, which is compared with the stored encrypted value; only if the two match is the log-in allowed, otherwise it is denied.

The other benefit of this mechanism is that even if two users choose the same password, their stored values do not collide, because the salt value for each user ID is different.
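The store-and-verify procedure described above, as an added example written for this post rather than code from any UNIX implementation. The post does not name the hash function or salt size, so PBKDF2-HMAC-SHA256 with a 16-byte salt and a fixed iteration count are assumptions; the two-user password file is constructed to show that identical passwords get different stored hashes.

```python
import hashlib
import hmac
import os

# Assumed parameters (the post names neither the hash function nor the salt size):
# PBKDF2-HMAC-SHA256 as the "hash algorithm", a 16-byte salt, a fixed work factor.
ITERATIONS = 100_000
SALT_LEN = 16

def make_entry(password, salt=None):
    """Build a password-file record: the plaintext salt is stored next to
    the hash of (password, salt), as in the scheme described above."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # current practice: a random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}

def verify(entry, candidate):
    """Log-on check: recompute the hash with the stored salt and compare."""
    salt = bytes.fromhex(entry["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    # Constant-time comparison so timing does not reveal how much of the hash matched.
    return hmac.compare_digest(digest.hex(), entry["hash"])

# Constructed sample password file: two users who chose the same password.
# Fixed salts are used here only so the records are reproducible.
PASSWORD_FILE = {
    "alice": make_entry("correct horse", salt=bytes.fromhex("00112233445566778899aabbccddeeff")),
    "bob":   make_entry("correct horse", salt=bytes.fromhex("ffeeddccbbaa99887766554433221100")),
}

def login(user_id, password):
    """Use the ID as the index into the password file, then verify the password."""
    entry = PASSWORD_FILE.get(user_id)
    if entry is None:
        return False
    return verify(entry, password)

def same_password_different_hash():
    """The benefit noted in the post: identical passwords yield different stored hashes."""
    return PASSWORD_FILE["alice"]["hash"] != PASSWORD_FILE["bob"]["hash"]

if __name__ == "__main__":
    print("alice / correct horse:", login("alice", "correct horse"))  # True
    print("alice / wrong:", login("alice", "wrong"))                  # False
    print("distinct stored hashes:", same_password_different_hash())  # True
```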