Is it a good idea to store sensitive information as a plaintext character array? What are some alternatives? How does the Linux login program handle storing user passwords?
Never. Storing sensitive information in the form of plain text is never appreciated. The value of information like passwords are very critical since they act as a key to our primary data sources. The passwords stored in plain text form can be easily accessed and also if they are subjected to reach wrong hands it may result in the loss of sensitive information and even led to the misuse of these kind of information.
In a real life situation if the sensitive information are stored as it is, usually cyber attackers can reach your data, access them. When it comes to online transactions or banking transactions these kind of information as it is can cause financial losses in huge amounts as we have read out in different news articles as always. Lot of viruses or trojan horses which may be infected via internet,email,removable storage devices etc will be very powerful enough to capture and handle these information with a high vulnerability. So it is always advised to store sensitive content of your organisation, personal sensitive content like passwords etc in a more secure form.
The major way to protect the sensitive information is by avoiding storing them in plain text format. It is always recommended to store these kid of information encrypted, Encryption is a kind of computer coding of information with high sensitive content. Actual data is converted to an unrecognizable format by using several algorithms or encryption techniques. This data is only accessible to the owners in their original format. Thus the converted data called cipher text can be only detected by converting them back to plain text by using algorithms. The virus programs or online frauds cannot easily decode these cipher texts and thus they are less vulnerable to attacks and thus preventing financial loss and increased productivity.
Linux stores passwords under etc/passwords folder which of course encrypted. Nowadays etc/shadow is used for the storage of more passwords which are stored in hash codes( encrypted forms). The algorithm used depends on the system and version of the linux distribution used. Most common algorithms includes SHA,RSA etc
Is it a good idea to store sensitive information as a plaintext character array? What are...