Which file contains the actual password hashes on modern Linux systems?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which file contains the actual password hashes on modern Linux systems?

Explanation:
On modern Linux systems, the actual password hashes are stored in /etc/shadow. This separation from /etc/passwd is intentional for security: /etc/shadow is readable only by root, while /etc/passwd is world-readable and contains user account information. When shadow passwords are in use, the password field in /etc/passwd typically contains a placeholder (like an x), and the real hash plus salt lives in /etc/shadow along with password aging data. The other paths listed aren’t related to password hashes: /usr/share/dictionaries is for word lists, and /var/log holds logs. Some environments use centralized authentication, but for local accounts, /etc/shadow is where the actual hashes reside.

