Ubuntu – passwords saved

passwordsystem

This is a weird question to ask, but where are the passwords saved? I mean they must be somewhere for comparing every time. So where are system and network passwords saved?

Best Answer

System account passwords can be found in /etc/shadow. You need root privileges to read the file. The passwords are hashed with SHA. Additional information can be found on the corresponding manpages.

Network or wifi passwords can be found in /etc/NetworkManager/system-connections. There is a file for each connection with its configuration, also you need root privileges to read them but the password isn't encrypted.

Passwords handled by Gnome's password store, the Gnome Keyring, are stored in ~/.gnome2/keyrings. The files are not human readable and should be accessed with Gnome's default password manager Seahorse. On older systems (before precise/12.04) wifi passwords were stored in Gnome Keyring and PINs for Mobile Broadband are still stored there.

Related Solutions

Ubuntu – Where are passwords stored

Passwords aren't stored themselve. They are transformed by a function, and the so produced value, which is called hash, is stored.

If you login, the same function is performed on your input, and the generated value compared with the one in the stored value in the /etc/shadow file.

The function is of a kind, which is hard to invert. So with the value in /etc/shadow, you can not calculate the original password, and the key in there is not helpful for login - you need the password.

With brute force, you can try to generate such a password, and for common names like 123456, password, asdf, secret, 1111 and so on, the shadow-values are already well known, and stored in so called rainbow-tables.

To prevent attacks with rainbow-tables, the password-function can use a salt, which influences the result, which means that every password uses a different salt, stored in the first two bytes of the password hash string (thanks to psusi, who corrected me), so that you would need a different rainbow-table for every password, which is not very practical - it takes too long to generate them, and is expensive.

I'm not sure, whether ubuntu uses a salt. We can wait for somebody who explains it to us, or you could generate the same user with the same password on two machines, and compare the value in /etc/shadow.

Ubuntu – How to extract saved password from Remmina

I was able to use the Go solution by @michaelcochez to decrypt it with Python:

import base64
from Crypto.Cipher import DES3

secret = base64.decodestring('<STRING FROM remmina.prefs>')
password = base64.decodestring('<STRING FROM XXXXXXX.remmina>')

print DES3.new(secret[:24], DES3.MODE_CBC, secret[24:]).decrypt(password)

Best Answer

Related Solutions

Ubuntu – Where are passwords stored

Ubuntu – How to extract saved password from Remmina

Related Question