02-23-2009
Quote:
Originally Posted by
abir
Is there any way to get back clear text password from /etc/shadow encrypted data ??
Yeah, there are several programs that do this. The best available is called "john the ripper", JtR for short. It works by trying all possible passwords until it hits a match. Last November I started JtR running to try and crack a list of 168 passwords. (This is a security test and its part of my job. My manager knows I am doing this.) So far it has broken 9 passwords. It is slowing down. It breaks the easy passwords first. It's been over a month since password 9 was broken. My guess it that it will take several decades to break all 168. I'm using a somewhat souped up sunblade-1000. With a top of the line overclocked quad extreme rig, it could probably crack them all in under a decade.
9 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
hello ppl,
i've been coding a perl script for xchat and i need to store the nick's passwords. i was wondering which encryption to use. picture this situation: i've got a system flaw and some guy hacks the machine and gets his hands on the passwd file; he has access to the script. what encryption... (2 Replies)
Discussion started by: crashnburn
2 Replies
2. UNIX for Dummies Questions & Answers
Sirs,
What is a shadow file,How it be usefull.For my project i have to keep the password in shawdow file also i am doing in php how can i do it.
Thanks in advance,
ArunKumar (3 Replies)
Discussion started by: arunkumar_mca
3 Replies
3. UNIX for Dummies Questions & Answers
My dilemma,
I need to send, deemed confidential, information via e-mail (SMTP). This information is sitting as a file on AIX. Typically I can send this data as a e-mail attachment via what we term a "mail filter" using telnet. I now would like to somehow encrypt the data and send it to a e-mail... (1 Reply)
Discussion started by: hugow
1 Replies
4. Solaris
my etc/shadow file showing *LK* for a particular user.. can u tell me under which circumstances a user is locked (5 Replies)
Discussion started by: vikashtulsiyan
5 Replies
5. UNIX for Advanced & Expert Users
Does anyone know what "!!" represents in the password field of the /etc/shadow file? :confused: (6 Replies)
Discussion started by: avcert1998
6 Replies
6. UNIX for Dummies Questions & Answers
I see conflicting definitions for the shadow file. For Solaris, what are the fields please? Thanks. (3 Replies)
Discussion started by: DavidS
3 Replies
7. Shell Programming and Scripting
Hi,
In shadow file
smithj:Ep6mckrOLChF.:10063:0:99999:7:::
3rd Field 10063 indicates the number of days (since January 1, 1970) since the password was last changed.
I want to get the result with script the date on which the password was last changed in YYYY-MM-DD format.
can... (8 Replies)
Discussion started by: pinnacle
8 Replies
8. UNIX for Dummies Questions & Answers
As a part of linux hardening
In shadow file all Application accounts which are not locked must contain only an asterisk “*” in the Passwd field.
But how would i do it by using command?
Is there any way other than modifying shadow file to accomplish this task? (3 Replies)
Discussion started by: pinga123
3 Replies
9. Cybersecurity
Hi all,
I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS.
For example: when A wants to send file to B
A will encrypt the file with B's computer MAC/IP address as an encryption key
This file can only be decrypted... (2 Replies)
Discussion started by: sergionicosta
2 Replies
crypt(3C) crypt(3C)
NAME
crypt - generate hashing encryption
SYNOPSIS
Obsolescent Interfaces
DESCRIPTION
crypt():
is the password encryption function. It is based on a one way hashing encryption algorithm with variations intended (among other things)
to frustrate use of hardware implementations of a key search.
key is a user's typed password. salt is a two-character string chosen from the set this string is used to perturb the hashing algorithm in
one of 4096 different ways, after which the password is used as the key to encrypt repeatedly a constant string. The returned value points
to the encrypted password. The first two characters are the salt itself.
Obsolescent Interfaces
generate hashing encryption.
WARNINGS
The return value for points to data whose content is overwritten by each call.
and are obsolescent interfaces supported only for compatibility with existing DCE applications. New multithreaded applications should use
SEE ALSO
crypt(1), login(1), passwd(1), getpass(3C), passwd(4), thread_safety(5).
STANDARDS CONFORMANCE
crypt(3C)