Operating System - HP-UX
1748163 Members
3638 Online
108758 Solutions
New Discussion юеВ

Re: A naughty question about passwd

 

A naughty question about passwd

Hi guys,

Pardon my ignorance, I know this might sound crazy, but is there any command or a way in
HP-UX which decrypts a user password and returns it as an ascii string.

bye,
Raghu.

Unix is not for those who donot love Unix!
7 REPLIES 7
Bill McNAMARA_1
Honored Contributor

Re: A naughty question about passwd

no password encryption is one way only..

You can try to crypt (man crypt) and see if you make a match..

Later,
Bill
It works for me (tm)
Peter Kloetgen
Esteemed Contributor

Re: A naughty question about passwd

Hi,

i hope there is nothing like that at all. It's bad enough, that password-cracking programs exist which do that job...

Allways stay on the bright side of life!


Peter
I'm learning here as well as helping
Justo Exposito
Esteemed Contributor

Re: A naughty question about passwd

Hi,

Information only:
http://www.ja.net/CERT/Belgers/UNIX-password-security.html

Regards,

Justo.
Help is a Beatiful word
Volker Borowski
Honored Contributor

Re: A naughty question about passwd

Hi there,

Technically no.

Good starters: look under users desk-mat, mouse-pad, wallet, post-its attached to monitors...

Keep in mind, that rarely users deal with operating system passwords. Quite common is, that any type of application is used, that has less proper techniques to store passwords (like XORing somthing that is stored in a flat file or a non-encrypted database table).

Cracking programms usually "try out" UNIX userpasswords based on rules and dictionaries.

On NT-Repairdisks, only the first 8 characters of a password are encrypted (Do not know if this was fixed with some service pack), so a user who intends to be very safe and chooses a longer password opens up a hole for human intelligence to "guess" the first 8 characters.

Do not know if this helps
Volker
Edward Alfert_2
Respected Contributor

Re: A naughty question about passwd

Take a look at http://www.newsforge.com/article.pl?sid=01/12/02/1527242

"The passwords .. are one way encrypted (hash-ed) through a password encryption function called 'crypt' using DES as the encryption algorithm. The good thing about 'hashing' is that you can not 'decrypt' the hashed passwrds because the function used for hashing cannot be reversed (one-way traffice)."

BUT...

you can use programs like Jack the Ripper to crypt words and compare the resulting string to the password you are trying to crack. If they match, you know the word. You can use a dictionary or any word list as the source to give jack the ripper. It will go through all the words to find a match.

The above is good to do as a sysadmin to make sure that none of your users has an EASY password. If jack the ripper can guess it, that it is too easy.
"Do what you love and you will never work a day in your life." - Confucius
Sanjay_6
Honored Contributor

Re: A naughty question about passwd

hi Raghu,

There is no way to decrypt the password in the /etc/passwd file.

Hope this helps.

Regds
Steven Sim Kok Leong
Honored Contributor

Re: A naughty question about passwd

Hi,

Unix crypt is a one-way hash function, irreversible. You can however run crack on the encrypted password. What crack does is to guess your ascii password (such as from a dictionary of words and number combinations) and compare the one-way hashes for a match.

Hope this helps. Regards.

Steven Sim Kok Leong