topic Re: decrypt 4 digit passwd. in Operating System - HP-UX

decrypt 4 digit passwd.

Jaime Bolanos Rojas. — Mon, 06 Jul 2009 20:39:41 GMT

Hi guys, using /usr/lib/makekey I can decrypt my own known password, knowing my password, the salt and peper, for example:

echo "jaime123SP" | /usr/lib/makekey

But I am trying to do the same with a 4 digit password, but makekey is especting an 8 digit value, so I do not get it right.

How do you write the command to fill in the other 4 digits that the password does not have?

Regards,

Jaime.

Re: decrypt 4 digit passwd.

James R. Ferguson — Mon, 06 Jul 2009 20:46:40 GMT

Hi Jaime:

Instead of using 'makekey' you can let Perl do this thusly:

# cat ./pwgen
#!/usr/bin/perl -l
die "One arg expected\n" unless @ARGV;
print crypt(
$ARGV[0],
join( '',
( '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z' )[ rand 64, rand 64 ] )
);
1;

...run as:

# ./pwgen plaintext

The script's output is your corresponding encrypted password.

Regards!

...JRF...

Re: decrypt 4 digit passwd.

Jaime Bolanos Rojas. — Mon, 06 Jul 2009 21:03:11 GMT

Thanks James,

I must be doing something wrong, the password is 1234

# ./pwgen 1234
/wbBjQGevNiU6
#
#
# pwget -n root
root:oLZx6qTytmexI:0:3::/:/sbin/sh
# ./pwgen 1234oL
vLzVSMAFApTr2

Strange, what am I doing wrong?

Regards,

Jaime.

Re: decrypt 4 digit passwd.

James R. Ferguson — Mon, 06 Jul 2009 23:34:54 GMT

Hi (again) Jaime:

> I must be doing something wrong, the password is 1234

And either 'makekey' or the Perl script I offered will encrypt that plaintext password as you saw.

If you have an encrypted password and want to see if it matches what you think it should you can do:

# perl -le '$plain=shift;$secret=shift or die;print "ok" if if crypt($plain,$secret) eq $secret' 1234oL VLzVSMAFApTr2

That is, pass the plaintext password followed by what the encrypted version should match. I used your data in the above example.

Regards,

...JRF...

Re: decrypt 4 digit passwd.

Jaime Bolanos Rojas. — Tue, 07 Jul 2009 13:01:00 GMT

Thanks James :-)

I though that for some reason this was not working for me, then I realized ( after 1:30 mins thinking) ( I donÂ´t even know how to program a "hello world" script ) why the perl scripts where not given me what I needed, they were working fine, I created a password with the pwgen script, and then use the second script to match the plain text the the encrypted password by the perl script. It worked fine :-)
The thing is that HP-UX puts this salt and pepper in my 4 digit password thatÂ´s the "SP" in the "jaime123SP".
The reason why I was having a hard time myself is because the perl script is not helping me find the corresponding plain text password/matching encrypted cypher because unix uses the makekey command to created the encrypted text and it adds a salt and pepper to the encrypted text, itÂ´s just I can not find the match because when using the command:

echo "1234SP" | /usr/lib/makekey

The makekey will add values to it because itÂ´s expecting an 8 bit digit plus the SP ( salt and pepper ).

Thanks again for the scripts, it was fun trying to understand them without knowing how to program :-).

If you know how to deal with the above problem, please let me know, I will be a happy man, even more :-)

Thanks James.

Regards,

Jaime.