- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: A naughty question about passwd
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2002 04:08 AM
тАО02-18-2002 04:08 AM
A naughty question about passwd
Pardon my ignorance, I know this might sound crazy, but is there any command or a way in
HP-UX which decrypts a user password and returns it as an ascii string.
bye,
Raghu.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2002 04:11 AM
тАО02-18-2002 04:11 AM
Re: A naughty question about passwd
You can try to crypt (man crypt) and see if you make a match..
Later,
Bill
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2002 04:11 AM
тАО02-18-2002 04:11 AM
Re: A naughty question about passwd
i hope there is nothing like that at all. It's bad enough, that password-cracking programs exist which do that job...
Allways stay on the bright side of life!
Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2002 04:19 AM
тАО02-18-2002 04:19 AM
Re: A naughty question about passwd
Information only:
http://www.ja.net/CERT/Belgers/UNIX-password-security.html
Regards,
Justo.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2002 05:00 AM
тАО02-18-2002 05:00 AM
Re: A naughty question about passwd
Technically no.
Good starters: look under users desk-mat, mouse-pad, wallet, post-its attached to monitors...
Keep in mind, that rarely users deal with operating system passwords. Quite common is, that any type of application is used, that has less proper techniques to store passwords (like XORing somthing that is stored in a flat file or a non-encrypted database table).
Cracking programms usually "try out" UNIX userpasswords based on rules and dictionaries.
On NT-Repairdisks, only the first 8 characters of a password are encrypted (Do not know if this was fixed with some service pack), so a user who intends to be very safe and chooses a longer password opens up a hole for human intelligence to "guess" the first 8 characters.
Do not know if this helps
Volker
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2002 05:18 AM
тАО02-18-2002 05:18 AM
Re: A naughty question about passwd
"The passwords .. are one way encrypted (hash-ed) through a password encryption function called 'crypt' using DES as the encryption algorithm. The good thing about 'hashing' is that you can not 'decrypt' the hashed passwrds because the function used for hashing cannot be reversed (one-way traffice)."
BUT...
you can use programs like Jack the Ripper to crypt words and compare the resulting string to the password you are trying to crack. If they match, you know the word. You can use a dictionary or any word list as the source to give jack the ripper. It will go through all the words to find a match.
The above is good to do as a sysadmin to make sure that none of your users has an EASY password. If jack the ripper can guess it, that it is too easy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2002 05:39 AM
тАО02-18-2002 05:39 AM
Re: A naughty question about passwd
There is no way to decrypt the password in the /etc/passwd file.
Hope this helps.
Regds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2002 06:13 AM
тАО02-18-2002 06:13 AM
Re: A naughty question about passwd
Unix crypt is a one-way hash function, irreversible. You can however run crack on the encrypted password. What crack does is to guess your ascii password (such as from a dictionary of words and number combinations) and compare the one-way hashes for a match.
Hope this helps. Regards.
Steven Sim Kok Leong