1
00:00:00,440 --> 00:00:09,620
‫In Linux systems, the ETSI Shadow file stores actual passwords in encrypted format, more like the

2
00:00:09,620 --> 00:00:15,350
‫hash of the password for users account with additional properties related to the user password.

3
00:00:16,040 --> 00:00:19,250
‫Basically, it stores secure user account information.

4
00:00:20,340 --> 00:00:23,160
‫All fields are separated by colon symbol.

5
00:00:24,030 --> 00:00:31,200
‫And it contains one entry per line for each user listed in the Etsy password file.

6
00:00:32,040 --> 00:00:35,820
‫Generally, shadow file entry looks as seen in the slide.

7
00:00:37,010 --> 00:00:42,710
‫So let's see the fields of a typical Linux hash values most probably gathered from the shadow file.

8
00:00:43,640 --> 00:00:48,650
‫Just like in windows, local hashes, fields are separated by colons in the Linux hashes.

9
00:00:49,600 --> 00:00:55,480
‫The first field is username, your log, your name, the second field is your encrypted password.

10
00:00:56,050 --> 00:01:03,580
‫Usually, the password format is set to dollar ID $ $80 hash.

11
00:01:03,940 --> 00:01:08,080
‫The ID is the algorithm used on going to Linux as follows.

12
00:01:10,030 --> 00:01:12,520
‫Dollar one dollar is MD5.

13
00:01:13,670 --> 00:01:16,430
‫Dollar to a dollar is blowfish.

14
00:01:17,430 --> 00:01:20,400
‫Dollar to why dollar is blowfish.

15
00:01:21,470 --> 00:01:29,150
‫Dollar five S. Dollar is a 256 dollar, $6, is 512.

16
00:01:30,070 --> 00:01:34,120
‫Now, the third field is the date that the password was last modified.

17
00:01:35,150 --> 00:01:39,500
‫The fourth field is the minimum number of days required between password changes.

18
00:01:40,070 --> 00:01:45,890
‫That is, the number of days left before the user is allowed to change his or her password.

19
00:01:47,000 --> 00:01:51,080
‫The fifth field is the maximum number of days a password is valid.

20
00:01:51,710 --> 00:01:54,830
‫After that, the user is forced to change his or her password.

21
00:01:55,750 --> 00:02:02,590
‫The sixth field is the number of days before the password is to expire, that user is warned that his

22
00:02:02,590 --> 00:02:04,120
‫or her password must be changed.

23
00:02:04,930 --> 00:02:08,620
‫Now there are two more fields in the line which are blank in this example.

24
00:02:09,280 --> 00:02:16,330
‫The seventh field is called inactive, which is the number of days after password expires that the account

25
00:02:16,330 --> 00:02:17,290
‫is disabled.

26
00:02:18,240 --> 00:02:26,520
‫And the last field is called expire, which indicates the days since one January 1970 that the account

27
00:02:26,520 --> 00:02:27,240
‫is disabled.

28
00:02:27,630 --> 00:02:32,940
‫That is an absolute date, specifying when the log in may no longer be used.