
Re: Decrypt Unix Password File



Jerome Tan <[email protected]> writes:

> How can I decrypt Unix password file?

If the /etc/passwd file does not use shadow passwords, then the second field
of each line contains the 'salt' and a value dependent on both the salt and
the secret password.

One can try to compute the function of all reasonable dictionary words with
the salts in the /etc/passwd file, and hope that some of them match the
values listed in the file.

There are many programs that do this, e.g., look for 'crack'.

This attack can be made more difficult if you force your users not to use
easy-to-guess passwords, and if you use something like NIS and shadowing to
make the public part of the passwords harder to get.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
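
A defensive check for the condition the reply describes, as an added example that is not part of the original message: it reads passwd-format text and reports accounts whose second field still holds a salt and hash (or nothing at all) instead of a shadow placeholder. The sample entries and hash strings are constructed, and the function names are this example's own.

```python
import re

# Traditional crypt(3): 2-char salt + 11 chars, all from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify(field):
    """Classify the second field of a passwd entry."""
    if field == "":
        return "empty"          # account needs no password at all
    if field == "x":
        return "shadowed"       # real value is kept in the shadow file
    if field[0] in "*!":
        return "locked"         # can never equal a crypt(3) output
    if DES_CRYPT.match(field):
        return "exposed-des"    # salt + hash readable by every local user
    return "exposed-other"      # some other hash format left in passwd

def audit(passwd_text):
    """Return (line_no, user, finding, salt) for entries needing attention."""
    findings = []
    for n, line in enumerate(passwd_text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#+-":
            continue            # blank, comment, or NIS compat entry
        parts = line.split(":")
        if len(parts) != 7:
            findings.append((n, None, "malformed", None))
            continue
        user, kind = parts[0], classify(parts[1])
        if kind in ("shadowed", "locked"):
            continue
        salt = parts[1][:2] if kind == "exposed-des" else None
        findings.append((n, user, kind, salt))
    return findings

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:abCONSTRUCTED:1000:1000:Alice:/home/alice:/bin/sh
bob::1001:1001:Bob:/home/bob:/bin/sh
carol:$6$constructedsalt$constructedhash:1002:1002:Carol:/home/carol:/bin/sh
+::0:0:::
broken-line-without-fields
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any `exposed-*` or `empty` finding marks an account to move behind shadowing or to lock.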