My question is if someone hacked privileges on /etc/shadow file , can he crack the passwords of the system users.
If yes , how can i secure more my passwords and how to make it difficult on a cracker to easily crack my users passwords .
Any Suggestion?
After research , i can answer this questions :
Can passwords be cracked : Yes
How : by using crack software like : John the Ripper security software which is open source and can be installed easily.
What should be the level of cracker : Newbie , because this software is pretty good and there are plenty of instructions on the net how to use it .
Here is How easy to use it to crack passwords! Link
What should i do to be more secure ?
1) Make sure you use SHA512 on your passwords instead of DES and md5 !
2) Use a password cracker to filter out weak passwords .
3) Use different passwords on different systems.
4) force users to change their passwords - the root password should be changed even more frequently!
5) Your passwords should be:
At least 8 characters long.
Have at least one number.
Have at least one non-alphanumeric character.
Not consist of a dictionary word.
Have both upper and lower case letters.
References : dankalia
