Why is it necessary to store operating system passwords hashed? From what I've learned, passwords are stored on the hard drive/SSD in /etc/shadow. However, if a malicious agent was able to get access to this file, doesn't that mean they can potentially access all the user's other files? If so, what is the point of cracking the password if you already have access to everything?

To clarify, my initial thinking is that it's a catch-22: you need the password to use the computer and view the password file, but if you are viewing that file, you must already have broken in, and thus no longer need the password.

I understand that some people use their passwords in different places, so having that information can be useful for a hacker, but I am more concerned with the purpose of having the password for the computer that was broken into. (And I am thinking more in terms of personal computers, so it's not guaranteed that the obtained password was used for other important things like bank accounts.)

XANDER
    From the link "we hash passwords to prevent an attacker with read-only access from escalating to higher power levels " https://security.blogoverflow.com/2011/11/why-passwords-should-be-hashed/ – saurabh Jul 06 '21 at 17:51
  • @saurabh You could probably convert that to an answer. – user Jul 06 '21 at 18:07
  • 1
    Does this answer your question? [Why is password hashing considered so important?](https://security.stackexchange.com/questions/41447/why-is-password-hashing-considered-so-important) – mentallurg Jul 07 '21 at 07:59
  • @mentallurg this is interesting but doesn't really answer my question, I am more thinking about the implication of getting the passwords to a computer than you have already broken into – XANDER Jul 08 '21 at 15:37
  • @XANDER password hashing will help with further damage containment even inside the local system if a low-privileged user has access to hashed passwords. – saurabh Jul 08 '21 at 16:32

2 Answers

In short, from the mentioned link

why-passwords-should-be-hashed

we hash passwords to prevent an attacker with read-only access from escalating to higher power levels

Now to your question: suppose someone has access to the /etc/shadow file and the file contains a password which the user has used on multiple machines/websites, or the file contains the password for other high-privileged users such as root (if the shadow file is accessible by a low-privileged user).

For cracking a hashed password, an attacker has to spend an adequate amount of time or even resources, which requires effort (some low-level hackers will not spend such effort and will target other resources instead). Now this time difference is useful, since users can be alerted to change their password once a breach is detected. Basically, hashing slows down the attack as well.

So, hashing a password helps with damage containment and stops or slows down further damage.

I recommend reading the above link for better understanding.

saurabh
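The two points in the answer above (read access to /etc/shadow does not hand over passwords, and a slow hash turns each guess into real work) can be shown concretely. The following is an added example, not code from the original post or the linked article. It parses a constructed shadow file, classifies each entry by its crypt(3) prefix so you can spot weak or empty hashes, and then runs a small dictionary attack where one guess costs one full hash computation. The sample shadow lines are fabricated placeholders of the right shape, and PBKDF2-HMAC-SHA512 from hashlib is used as a stand-in for the shadow file's own sha512crypt/yescrypt, which is an assumption made so the block runs on a stock Python install.

```python
"""Added example: audit /etc/shadow hash formats and measure what a read-only
attacker has to pay per guess. Not taken from the original post."""
import hashlib
import hmac
import time

# Constructed sample. The hash bodies are placeholders of the right shape,
# not real password hashes from any system.
SAMPLE_SHADOW = """\
root:$6$Zz9nqWq1$0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmn:19500:0:99999:7:::
alice:$y$j9T$Q1w2e3r4t5y6u7i8o9p0$abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG:19500:0:99999:7:::
bob:$1$saltsalt$abcdefghijklmnopqrstuv:19500:0:99999:7:::
carol:abJnggxhB/yWI:19500:0:99999:7:::
daemon:*:19500:0:99999:7:::
svc:!:19500:0:99999:7:::
guest::19500:0:99999:7:::
"""

# crypt(3)/crypt(5) scheme identifiers used by glibc and libxcrypt.
SCHEMES = {
    "$1$": ("md5crypt", "weak: fast hash, deprecated"),
    "$2a$": ("bcrypt", "ok"), "$2b$": ("bcrypt", "ok"), "$2y$": ("bcrypt", "ok"),
    "$5$": ("sha256crypt", "ok"),
    "$6$": ("sha512crypt", "ok"),
    "$7$": ("scrypt", "ok"),
    "$y$": ("yescrypt", "ok"),
    "$gy$": ("gost-yescrypt", "ok"),
}

def classify(field):
    """Map the second shadow field to (algorithm, verdict)."""
    if field == "":
        return ("none", "critical: empty field, login without a password")
    if field.startswith(("!", "*")):
        return ("locked", "ok: password login disabled")
    for prefix, result in SCHEMES.items():
        if field.startswith(prefix):
            return result
    if len(field) == 13 and "$" not in field:
        return ("descrypt", "weak: 56-bit DES, 8-character limit")
    return ("unknown", "review manually")

def audit_shadow(text):
    """Return [(user, algorithm, verdict)] for every non-empty shadow line."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        algo, verdict = classify(fields[1])
        findings.append((fields[0], algo, verdict))
    return findings

def make_verifier(password, iterations, salt=b"constructed-salt"):
    """Stand-in for a crypt-style slow hash (assumption: PBKDF2-HMAC-SHA512
    instead of sha512crypt/yescrypt). Returns a check function that costs
    one full hash computation per call, exactly what an attacker must pay."""
    target = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    def verify(guess):
        cand = hashlib.pbkdf2_hmac("sha512", guess.encode(), salt, iterations)
        return hmac.compare_digest(cand, target)
    return verify

def dictionary_attack(verify, wordlist):
    """Try each word; return (password_or_None, guesses_spent)."""
    for n, guess in enumerate(wordlist, 1):
        if verify(guess):
            return guess, n
    return None, len(wordlist)

# Constructed wordlist for the demo.
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "dragon"]

def cost_comparison(password="hunter2", fast=1, slow=100_000):
    """Same attack against a 1-iteration and a slow hash; returns
    {iterations: (found, guesses, seconds)} so the cost difference is visible."""
    out = {}
    for iters in (fast, slow):
        t0 = time.perf_counter()
        found, guesses = dictionary_attack(make_verifier(password, iters), WORDLIST)
        out[iters] = (found, guesses, time.perf_counter() - t0)
    return out

if __name__ == "__main__":
    for user, algo, verdict in audit_shadow(SAMPLE_SHADOW):
        print(f"{user:8} {algo:14} {verdict}")
    for iters, (found, guesses, secs) in cost_comparison().items():
        print(f"iterations={iters:>7}: found={found!r} after {guesses} guesses in {secs:.3f}s")
```

The audit is the check to run first: an empty second field or a DES/md5crypt entry undoes the protection the answer describes, regardless of how strong everyone else's hash is. The cost comparison makes the "time difference" argument measurable; scale the per-guess time by the size of a real wordlist to see how much notice a detected breach actually buys.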

Because people often reuse the same password. If I have everyone's password from a compromised computer, it's good odds that some of those passwords are the same on other machines.

user10216038