As subtle as a flying brick.

Posts tagged “Password


Linux turn OFF password expiration / aging

/etc/shadow stores actual password in encrypted format for user’s account with additional properties related to user password.

The password expiration information for a user is contained in the last 6 fields. Password expiration for a select user can be disabled by editing the /etc/shadow file

However I recommend using chage command. The chage command changes the number of days between password changes and the date of the last password change.

This information is used by the system to determine when a user must change his/her password.

To list current aging type chage command as follows:

# chage -l vivek


Last password change                                    : August 23, 2013
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

To disable password aging / expiration for user foo, type command as follows and set:

Minimum Password Age to 0
Maximum Password Age to 99999
Password Inactive to -1
Account Expiration Date to -1

Interactive mode command:

# chage username


# chage -I -1 -m 0 -M 99999 -E -1 username

Understanding /etc/shadow file

Q. Can you explain /etc/shadow file used under Linux or UNIX?

A. /etc/shadow file stores actual password in encrypted format for user’s account with additional properties related to user password i.e. it stores secure user account information.

All fields are separated by a colon (:) symbol. It has one entry per line for each user listed in /etc/passwd file Generally, shadow file entry looks as follows:


(Fig.01: /etc/shadow file fields)

  1. User name : It is your login name
  2. Password: It your encrypted password. The password should be minimum 6-8 characters long including special characters/digits
  3. Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed
  4. Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
  5. Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password)
  6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed
  7. Inactive : The number of days after password expires that account is disabled
  8. Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used

The last 6 fields provides password aging and account lockout features (you need to use chage command to setup password aging). According to man page of shadow – the password field must be filled. The encrypted password consists of 13 to 24 characters from the 64 character alphabet a through z, A through Z, 0 through 9, \. and /. Optionally it can start with a “$” character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with “$1$” it means the MD5-based algorithm was used.

Crack Almost Any Electronic Safe with the Bounce Technique

If you have a digital safe with a passcode entry, a few things could go wrong. You could forget the code, the electronic mechanism could fail, or someone could change the code without you knowing. In the event you need to break into your own electronic safe, here’s how to do it.

The technique you use to crack an electronic safe is called safe bouncing (which is an accurate name once you see how it’s done). It’s apparently easy enough for a kid to do, but looks like it could take a bit of practice. As you can see in the video above, you literally drop part of the safe against the table (or whatever surface it’s resting upon) while turning the locking knob. If your timing is right, you’ll have turned the knob when the safe’s lock bounces open for a brief moment. This works because many cheaper safes have locks that lift. Better safes have counterweight mechanisms so the lock is held in place even when the safe is moving. You won’t be able to bounce those open, but you’ll have no problem with the lower-end options. If you’re successful, the deadbolts will recede into the safe’s door and you’ll be able to open it up.

While good for those times when you lose your passcode, it’s not so great for those times when someone tries to rob you. If you’re concerned about the safety of a given safe, you might want to try this bouncing technique before your purchase.