Operating System - HP-UX의 주제 Account Password Decryption

Account Password Decryption

Geoffrey Wells — Mon, 31 Jul 2000 17:00:50 GMT

I need to write an application that reads in a user's password and verifies it against the users account in /etc/passwd. I know getpwnam() will get the entry by name, but how do you decrypt the password for comparision?

Re: Account Password Decryption

Mike Stroyan — Mon, 31 Jul 2000 17:31:47 GMT

You actually need to encrypt the password and compare the result to the encrypted value from getpwnam(). I have attached an example.
The getpwnam() call won't work for systems that are converted to trusted mode. They require the use of getprpwent() and the privilege to read the passwords.

Re: Account Password Decryption

Rick Garland — Mon, 31 Jul 2000 18:25:02 GMT

The use of ssh sounds like an option. Can be obtained from the porting archieve.

Re: Account Password Decryption

Bill Hassell — Mon, 31 Jul 2000 22:02:06 GMT

Unix passords cannot be decoded. The encryption method is lossy which means that not enough information is left in the encrypted password to accurately decode it. When a user logs in, the same method is used to encrypt what the user types and the result compared with the password file. If they are the same, the password is assumed to be the same. In reality, there can be many passwords that will produce the same encrypted result, but most of the time, the clones will be very unusual paswords like: 5d87GhhOL which are impossible to guess. Unix passwords are not decoded by hackers, they are guessed.