Some questions

Xan DXpublica at telefonica.net
Thu Aug 4 06:48:29 CDT 2005


Dimecres 03 Agost 2005 13:17, en/na Alexandre Strube (<Alexandre Strube 
<surak at surak.eti.br>>) va escriure:
>>Re: Some questions
>
> Em Qua, 2005-08-03 às 10:05 +0200, Xan escreveu:
> > > It already has... sort of. Put a blank cd and a "cd/dvd recorder"
> > > nautilus window will pop up.
> >
> > Mmmm. It's not exactly what I want, but it's more than nothing. ;-)
>
> What exactly do you want? I didn't get it from our original post.

Yes. I wanted that 1) I insert blank cd in cd/dvd recorder, 2) nautilus do 
nothing (as if I insert a "blank disquette") 3) I can open "computer" window, 
open cd icon and drag and drop files I want (for example in my desktop) to 
save in cd-rom. 4) Then, nautilus window pop-up....

And what's about multisession cd's?. When we insert multisession cd with 
avaliable space, do nautilus put another session for new data?. Is it 
automatically detected?

>
> > > > 4) How passwords work in linux?. Can anyone explain me in high detail
> > > > or show me references. I would like to think of public/private key
> > > > cryptosystems in linux, but for that I want to know what's exactly
> > > > what happens know with passwords: how these are formed and where are
> > > > located.
> > >
> > > Essentially, they are located at the /etc/shadow file. But linux works
> > > with PAM - Pluggable Authentication Modules - which enables you to
> > > change the way linux passwords are dealt with ease.
> >
> > Can you give me references?. Exactly/essentially how this works?
>
> The original system was a file located at /etc/passwd. This was a simple
> hash from password, which means you cannot revert the password from the
> key, but you can easily use brute-force methods.

I read this hash function is DES. I think that the process is essentially 
that: when you type the password in the login screen, name p, then system 1) 
forms a word formed by zeros from p, 2) applies DES several times to that 
zero-chain and 3) compares the result of the process with the string 
in /etc/shadow. If equal, you login, if not, you out of system ;-)

Well, I think of substition of this procedure for any private/public key 
crytosystem (like RSA; see 
http://en.wikipedia.org/wiki/Public_key_cryptography for more details). With 
that the system saves public keys in a file (for example /etc/publickeys). 
When login, you type your private key and the system calculates with 
publickeys if you do wright.

This procedure is potentially good (better?). For example, I think of having 
central sever of public keys and when login computer connects to that for 
getting public keys. And for example, we could integrate public key of kmail 
with public key of login, ....

Well, I'm not expert. I'm only a person who cares about security. Perhaps 
ubuntu people could study it. I think that it has potentially good things.

Thanks,
Xan.

>
> Today, when using /etc/shadow, the process is said to be more secure. I
> don't have more details than that.
>
> PAM is a module which provides several methods of authentication, like
> ldap, postgres, windows and several others. You can specify this not
> only for login, but in a per program basis.
>
> Try typing "man pam.d" in a linux terminal. You will get the idea.



More information about the ubuntu-devel mailing list