Skip to main content

Hvordan vet Linux at et nytt passord er lik den gamle?

Hvordan vet Linux at et nytt passord er lik den gamle?

Geoffrey Carr

Hvis du noen gang har mottatt en melding om at ditt nye passord er for likt det gamle, kan du være nysgjerrig på hvordan ditt Linux-system vet at de er for mye like. Dagens SuperUser Q & A innlegg gir et glimt bak "magisk gardin" på hva som skjer for en nysgjerrig leser.

Dagens Spørsmål & Svar-sesjon kommer til oss med høflighet av SuperUser-en underavdeling av Stack Exchange, en fellesskapsdrevet gruppering av Q & A-nettsteder.

Skjermbilde høflighet av marc falardeau (Flickr).

Spørsmålet

SuperUser-leser LeNoob ønsker å vite hvordan et Linux-system "vet" at passordene er for likte hverandre:

I tried to change a user password on various Linux machines a few times and when the new password was much like the old one, the operating system said that they were too similar.

I have always wondered, how does the operating system know this? I thought passwords were saved as a hash. Does this mean that when the system is able to compare the new password for similarity to the old one that it is actually saved as plain text?

Hvordan vet et Linux-system at passordene er for likte hverandre?

Svaret

SuperUser-bidragsyter slhck har svaret for oss:

Since you need to supply both the old and new passwords when using passwd, they can be easily compared in plain text.

Your password is indeed hashed when it is finally stored, but until that happens, the tool where you are entering your password can just access it directly.

This is a feature of the PAM system which is used in the background of the passwd tool. PAM is used by modern Linux distributions. More specifically, pam_cracklib is a module for PAM that allows it to reject passwords based on similarities and weaknesses.

It is not just passwords which are too similar that can be considered insecure. The source code has various examples of what can be checked, such as whether a password is a palindrome or what the edit distance is between two words. The idea is to make passwords more resistant against dictionary attacks.

See the pam_cracklib manpage for more information.

Sørg for å lese gjennom resten av den livlige diskusjonen over hos SuperUser via emnetråden som er koblet under.


Har du noe å legge til forklaringen? Lyder av i kommentarene. Vil du lese flere svar fra andre tech-savvy Stack Exchange-brukere? Sjekk ut hele diskusjonstråden her.

Link
Plus
Send
Send
Pin