krAzykrAkr forum

Author Topic: Password protection in Unix based systems  (Read 905 times)
Pfunk
« on: 11/27/07 @ 15:58 »

On most Unix systems passwords are stored, encrypted, in the file etc/passwd. The command cat can be used to display the encrypted passwords:
cat etc/passwd
But the encryption has long been crackable. A tool called John has long been available. It runs in DOS, and you can crack the average Unix password in a couple of hours. A password shorter than four letters takes no time at all (make sure no passwords are this long). See the files section [index.cgi?files] for other crackers.
The way the programs work is by testing lots of passwords. Normally, to save time, a list of possible passwords in a file is used.
!Make sure no users use common passwords that are easily guessed (god, america, slipnot)
If this doesn't work, the program tries an infinite combination of letters.
!Make sure no passwords are less than six letters long
After this security flaw was made widely known, shadowing in Unix was enabled. This hides the passwords somewhere. Unfortunately, you can normally find the passwords using the command "locate shadow".
You can see if the passwords are shadowed because in etc/passwd there will just be * where passwords should be.
!Exploits are very commonly used
Some hacker finds a bug in your firewall, posts it on the internet, teenagers find the bug and exploit it on your computer. Check bug tracking sites often.
More soon.

Also make sure you don't have any of the default user/password combinations:
LOGIN PASSWORD
-----------------
root root
sys sys
daemon daemon
uucp uucp
tty tty
test test
unix unix
bin bin
adm adm
admin admin
who who
learn learn
uuhost uuhost
nuucp nuucp
finger finger
games games
user user
¶fÜnk
It is impossible for a man to learn what he thinks he already knows.
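
Added example, not part of the original post: a small Python audit that applies the post's checks (passwords shadowed, at least six characters, not a common word, not equal to the login name). The function names, the SAMPLE entries and the placeholder hash are constructed for illustration.

```python
# Added example: audit passwd-format text and proposed passwords.
# All sample data below is constructed, not taken from a real system.

PLACEHOLDERS = {"x", "*", "!", "!!"}     # field values that hold no hash
COMMON = {"god", "america", "slipnot"}   # the post's examples of guessable words
MIN_LEN = 6                              # the post's minimum length

def audit_passwd(text):
    """Return {login: finding} for entries whose password field is a problem."""
    findings = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:             # login:pw:uid:gid:gecos:home:shell
            findings[f"line {n}"] = "malformed entry"
            continue
        login, pw = fields[0], fields[1]
        if pw == "":
            findings[login] = "empty password field"
        elif pw not in PLACEHOLDERS:
            findings[login] = "hash readable in passwd (not shadowed)"
    return findings

def check_new_password(login, candidate):
    """Return the policy violations for a password at the time it is set."""
    problems = []
    if len(candidate) < MIN_LEN:
        problems.append("too short")
    if candidate.lower() in COMMON:
        problems.append("common password")
    if candidate.lower() == login.lower():
        problems.append("same as login")
    return problems

# Constructed sample; "abCONSTRUCTED" is a placeholder, not a real hash.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
test:abCONSTRUCTED:1001:1001::/home/test:/bin/sh
games:*:5:60:games:/usr/games:/usr/sbin/nologin
guest::1002:1002::/home/guest:/bin/sh
"""

if __name__ == "__main__":
    for who, what in audit_passwd(SAMPLE).items():
        print(who, "->", what)
    print("admin/admin:", check_new_password("admin", "admin"))
```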