How does Linux know that a new password is similar to the old one?

Time: 2024-03-30 22:32:10
If you have ever received a message that your new password is too similar to your old one, then you may be curious as to how your Linux system ‘knows’ they are too much alike. Today’s SuperUser Q&A post provides a peek behind the ‘magic curtain’ at what is going on for a curious reader.

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

Screenshot courtesy of marc falardeau (Flickr).

The Question

SuperUser reader LeNoob wants to know how a Linux system ‘knows’ that passwords are too similar to each other:

I tried to change a user password on various Linux machines a few times and when the new password was much like the old one, the operating system said that they were too similar.

I have always wondered, how does the operating system know this? I thought passwords were saved as a hash. Does this mean that when the system is able to compare the new password for similarity to the old one that it is actually saved as plain text?

How does a Linux system ‘know’ that passwords are too similar to each other?

The Answer

SuperUser contributor slhck has the answer for us:

Since you need to supply both the old and new passwords when using passwd, they can be easily compared in plain text.

Your password is indeed hashed when it is finally stored, but until that happens, the tool where you are entering your password can just access it directly.

This is a feature of the PAM system which is used in the background of the passwd tool. PAM is used by modern Linux distributions. More specifically, pam_cracklib is a module for PAM that allows it to reject passwords based on similarities and weaknesses.

It is not just passwords which are too similar that can be considered insecure. The source code has various examples of what can be checked, such as whether a password is a palindrome or what the edit distance is between two words. The idea is to make passwords more resistant against dictionary attacks.

See the pam_cracklib manpage for more information.
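
An added example (not part of the SuperUser answer and not pam_cracklib's source) of the kind of check described above: since the tool holds both the old and the new password in plain text before anything is hashed, it can test the new one for a palindrome and compute its edit distance from the old one. The function names, the `MAXLEN` bound and the `min_diff` threshold are assumptions made for illustration.

```c
/* Added illustration: simplified old-vs-new checks, not pam_cracklib's code. */
#include <stdio.h>
#include <string.h>

#define MAXLEN 128 /* assumed upper bound on password length for this sketch */

/* Levenshtein edit distance between two plaintext strings (two-row DP). */
static int edit_distance(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    int prev[MAXLEN + 1], cur[MAXLEN + 1];
    if (la > MAXLEN || lb > MAXLEN) return -1;
    for (size_t j = 0; j <= lb; j++) prev[j] = (int)j;
    for (size_t i = 1; i <= la; i++) {
        cur[0] = (int)i;
        for (size_t j = 1; j <= lb; j++) {
            int sub = prev[j - 1] + (a[i - 1] != b[j - 1]);
            int del = prev[j] + 1, ins = cur[j - 1] + 1;
            int m = sub < del ? sub : del;
            cur[j] = m < ins ? m : ins;
        }
        memcpy(prev, cur, (lb + 1) * sizeof(int));
    }
    return prev[lb];
}

static int is_palindrome(const char *s) {
    size_t n = strlen(s);
    for (size_t i = 0; i < n / 2; i++)
        if (s[i] != s[n - 1 - i]) return 0;
    return 1;
}

/* Returns NULL if the new password is acceptable, else the rejection reason.
 * min_diff is a hypothetical threshold: the minimum number of edits required. */
const char *check_new_password(const char *old, const char *new_pw, int min_diff) {
    int d;
    if (strcmp(old, new_pw) == 0) return "unchanged";
    if (is_palindrome(new_pw)) return "palindrome";
    d = edit_distance(old, new_pw);
    if (d < 0) return "too long";
    if (d < min_diff) return "too similar";
    return NULL;
}

int main(void) {
    /* Constructed sample passwords: one character differs, so this is rejected. */
    const char *r = check_new_password("Summer2023!", "Summer2024!", 5);
    printf("%s\n", r ? r : "ok");
    return 0;
}
```

Only after a check like this passes would the new password be hashed and stored; the old password never has to be kept in plain text.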

Make sure to read through the rest of the lively discussion over at SuperUser via the topic thread linked below.



Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.

Translated from: https://www.howtogeek.com/206656/how-does-linux-know-that-a-new-password-is-similar-to-the-old-one/
