Ersatz Passwords

We modified how Linux-based operating systems store user’s passwords and incorporated a machine dependent machine function in the process. When an attacker steals the hashed passwords file (e.g., etc/shadow) and tries to crack the password, ersatz “fake” passwords are returned instead. The design of this tool can be found in this paper and the code, which was mainly developed by Christopher Gutierrez, can be found here.