The shadow file is used to protect passwords as it is only readable by root.
Most versions of Linux, such as Red Hat, use MD5 for password encryption.
Salts are needed to add a layer of randomness to the passwords.
Because the passwd file is world readable, passwords should be stored in the shadow file.
Password cracking programs such as John the Ripper work against the Linux OS; all they require is access to the encrypted passwords.
Linux passwords are usually salted. This means that they have had a second layer or randomness added so that no two users have the same encrypted password.
Rootkits can be divided into two basic types. Traditionally, rootkits replaced binaries such as ls, ifconfig, inetd, killall, login, netstat, passwd, pidof, or ps with trojaned versions. The second type of rootkit is the loadable kernel module (LKM). A kernel rootkit is loaded as a driver or kernel extension.
Tripwire is the most commonly used file integrity program. It performs integrity checking by using cryptographic checksums.