09-22-2011
Quote:
Originally Posted by
trento17
Tx, guys
I see that hash value (md5) is defenitly different for those password (I replaced actual string for demonstration.)
Try giving md5
only the first eight characters of each
The hashes in the shadow file aren't direct md5's of passwords, I'm pretty sure. It depends on implementation but usually it's a hash of the password plus a small 'salt' string, to prevent two users with the same password from having identical hashes(and prevent people from just comparing hash keys to big lists of known hashes.)
If your passwords use md5, be aware that md5 has been cracked, and is now considered a poor algorithm. There's software which can generate strings to match a given md5 on command. This doesn't matter unless an attacker has root access to your shadow file though -- in which case you're screwed anyway.
Last edited by Corona688; 09-22-2011 at 03:48 PM..
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi,
I cud find entries for user's named nobody and noaccess in the passwd file in the Unix system in which I am working ... I have seen entries for these in other systems too ....
What is the significance for nobody and noaccess ... ?? Anything special ?? Can anyone help ??
Thanks &... (1 Reply)
Discussion started by: Sabari Nath S
1 Replies
2. UNIX for Dummies Questions & Answers
From what I have read it possible to create a new group by editing the etc/group and etc/passwd in UNIX two files but a non-experienced user may face many problems such as destroying the file by mistake ot that his changes to these file does not make any difference.
However, there is this... (2 Replies)
Discussion started by: whatev3r
2 Replies
3. UNIX for Dummies Questions & Answers
Thanks
AVKlinux (11 Replies)
Discussion started by: avklinux
11 Replies
4. Solaris
i wonder if there is a tool to read the /etc/passwd or /etc/shadow files in order to reset user accounts to the same one.
By moving (restore) all filessytem and data to another same Sun box, none of the users are able to logon to the new box which i didn't change nothing. But if i reset the user... (1 Reply)
Discussion started by: lamoul
1 Replies
5. UNIX for Advanced & Expert Users
I'm trying to make this work, and it half works. Accounts with password hashes matching the old crypt(3) algorithm work just fine:
JUpfW/w6jo6aw
But accounts with longer password hashes preceded by $1$, such as the following, do not work:
$1$iIcbppdP$HDyjJeVMGgJ.ovLsnjtTR.... (0 Replies)
Discussion started by: davidstvz
0 Replies
6. Solaris
Hi Folks,
I have Solaris 10, latest release.
We have passwd aging set in /etc/defalut/passwd.
I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging.
When I reset the users passwd using passwd command, it re enables... (3 Replies)
Discussion started by: BG_JrAdmin
3 Replies
7. Solaris
Hi , can anyone explain me the difference between /etc/shadow and /etc/default/passwd . As per my knowledge both the files are used for password aging and control parameters. (2 Replies)
Discussion started by: rogerben
2 Replies
8. Solaris
Hi all..
I moved the /etc/shadow and /etc/shadow files to /tmp and then rebooted my PARC machine running 5.10. I did it to see if I could recover from single user mode.
But, I forgot to enable the abort key-sequence which I earlier disabled.
Stuck!
One of my gurus told I had to... (9 Replies)
Discussion started by: satish51392111
9 Replies
9. Solaris
Hi,
I have a Solaris 10 box where password aging is not functioning properly. Using the passwd command with the -l or -u options causes the lastchg field in the /etc/shadow file to be modified. Therefore, if a user's password is set to expire in 90 days and they are 1 day away, all they have... (4 Replies)
Discussion started by: cschar
4 Replies
10. Shell Programming and Scripting
I am running the ETL job to passing the database username,pssswd positional arguments to shell script (bash) and how can we suppress/hide the password from ps command. (2 Replies)
Discussion started by: pimmit22043
2 Replies
md5crypt(n) MD5-based password encryption md5crypt(n)
__________________________________________________________________________________________________________________________________________________
NAME
md5crypt - MD5-based password encryption
SYNOPSIS
package require Tcl 8.2
package require md5 2.0
package require md5crypt ?1.1.0?
::md5crypt::md5crypt password salt
::md5crypt::aprcrypt password salt
::md5crypt::salt ?length?
_________________________________________________________________
DESCRIPTION
This package provides an implementation of the MD5-crypt password encryption algorithm as pioneered by FreeBSD and currently in use as a
replacement for the unix crypt(3) function in many modern systems. An implementation of the closely related Apache MD5-crypt is also avail-
able. The output of these commands are compatible with the BSD and OpenSSL implementation of md5crypt and the Apache 2 htpasswd program.
COMMANDS
::md5crypt::md5crypt password salt
Generate a BSD compatible md5-encoded password hash from the plaintext password and a random salt (see SALT).
::md5crypt::aprcrypt password salt
Generate an Apache compatible md5-encoded password hash from the plaintext password and a random salt (see SALT).
::md5crypt::salt ?length?
Generate a random salt string suitable for use with the md5crypt and aprcrypt commands.
SALT
The salt passed to either of the encryption schemes implemented here is checked to see if it begins with the encryption scheme magic string
(either "$1$" for MD5-crypt or "$apr1$" for Apache crypt). If so, this is removed. The remaining characters up to the next $ and up to a
maximum of 8 characters are then used as the salt. The salt text should probably be restricted the set of ASCII alphanumeric characters
plus "./" (dot and forward-slash) - this is to preserve maximum compatability with the unix password file format.
If a password is being generated rather than checked from a password file then the salt command may be used to generate a random salt.
EXAMPLES
% md5crypt::md5crypt password 01234567
$1$01234567$b5lh2mHyD2PdJjFfALlEz1
% md5crypt::aprcrypt password 01234567
$apr1$01234567$IXBaQywhAhc0d75ZbaSDp/
% md5crypt::md5crypt password [md5crypt::salt]
$1$dFmvyRmO$T.V3OmzqeEf3hqJp2WFcb.
BUGS, IDEAS, FEEDBACK
This document, and the package it describes, will undoubtedly contain bugs and other problems. Please report such in the category md5crypt
of the Tcllib SF Trackers [http://sourceforge.net/tracker/?group_id=12883]. Please also report any ideas for enhancements you may have for
either package and/or documentation.
SEE ALSO
md5
KEYWORDS
hashing, md5, md5crypt, message-digest, security
CATEGORY
Hashes, checksums, and encryption
COPYRIGHT
Copyright (c) 2003, Pat Thoyts <patthoyts@users.sourceforge.net>
md5crypt 1.1.0 md5crypt(n)