how decode the passwd file's password?
Quote:
In an open society, in open knowledge and open source, you can and should never ask "WHY do you want to know that?" Because knowledge is free and open and should be shared. I wanted to know this because I own a system that I want to be sure that it is secure, now if I can't get the password, then nobody else can. If I can, so will others. Now Windows on the other hand is horrendously insecure, check out this video and watch at minute 2:00 what the guy does. https://www.youtube.com/watch?v=JON76zbiL1o Bang, he gets the password. I tried it out on Windows 7 and yes, this actually works, scary!!! And then watch how he bypasses UAC security, just by making a rubber ducky push enter. I predicted years ago that UAC could easily be fooled, but people told me "no, that can't be simulated" and yet it can. Now on Linux, with a password and not just a dumb click, you can't become root like this. And I was waiting and knew this day would come, well, it was much earlier of course, I just did not know about it, but wisely, migrated away most of my systems over to Linux. Convenience and ease of use screws up any security, for sure. ;-)
Quote:
But since it has been awakened in such a way, ;) "open" is just a marketing term invented to avoid using the ideologically charged terms FREE and FREEDOM. Knowledge should be FREE, but isn't thanks to the abomination of intellectual property law, which has no relevance to this thread as far as I can tell. And it is always OK to question someone's motivation for engaging in potentially malicious activity, especially in a FREE society.
Double Secret Probation.
I have no idea why an ancient thread is being resurrected just to scold jharris for his question of why.
Can a forum member ask a question?
Quote:
And IP is pretty terrible and with that I don't mean the IP of TCPIP. BUT, we still have Linux and other open source projects and so we DO KNOW freedom and live in it. And I would say that as long as there is a legal and benign justification for asking a question, a legal and good use of something that would otherwise be considered somebody dangerous: like asking about what you can do with a knife, it is legit. In the case of passwd, we need to know IF it can be cracked and how. Because we need to know about any horrendous safety flaws. And also, to know if we can rest assured that nobody can decrypt our password really fast. And so far, I'm content and happy to know that no, it cannot. Brute forcing is not among these choices and does not fit the criteria for fast. We do believe in security through transparency, not security through obscurity. I need to know if something is insecure, so I can act and prepare accordingly. And not worry only, that we might tip off the bad guys about a security hole that they can exploit. Living in a society, where knowledge is privileged and secret and only available to a subset of people is not a pleasant idea. What do I get as a price for grave robbing and resurrecting this (still current) topic?
//Pruned from https://www.linuxquestions.org/quest...password-4392/ as necropost.
The actual password file ordinarily contains a salted hash of the correct password. This means that you cannot "decode" it. All that you can do is to determine if the password entered by the user is correct.
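Added example (not part of the original thread and not any poster's code): a minimal sketch of the "verify, never decode" behaviour described in the reply above. The `$demo$` record layout, the function names and the PBKDF2-SHA256 parameters are assumptions made for illustration; real shadow entries use the system's crypt schemes, not this format.

```python
import hashlib
import hmac
import os
from typing import Optional

ROUNDS = 100_000          # assumed work factor for this demo
MAX_ROUNDS = 10_000_000   # refuse absurd stored values


def make_entry(password: str, salt: Optional[bytes] = None) -> str:
    """Build '$demo$rounds$salt$digest' (constructed format, not real shadow syntax)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return f"$demo${ROUNDS}${salt.hex()}${digest.hex()}"


def verify(entry: str, candidate: str) -> bool:
    """Re-hash the candidate with the stored salt and rounds, then compare."""
    parts = entry.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != "demo":
        return False      # locked ("!", "*") or unknown fields never match
    try:
        rounds = int(parts[2])
        salt = bytes.fromhex(parts[3])
        stored = bytes.fromhex(parts[4])
    except ValueError:
        return False
    if not 1 <= rounds <= MAX_ROUNDS:
        return False
    computed = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, rounds)
    return hmac.compare_digest(computed, stored)   # constant-time comparison


if __name__ == "__main__":
    a = make_entry("correct horse battery")   # constructed sample password
    b = make_entry("correct horse battery")
    print(a != b)                              # same password, different salts
    print(verify(a, "correct horse battery"), verify(a, "Correct horse battery"))
```

The stored record holds only the salt, the work factor and the digest, so the login check can answer "does this candidate match?" and nothing else.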
Quote:
Asking questions isn't wrong: not asking is.
Quote:
You misunderstood me in this one, and I probably could have written it better: You of course are entitled to ask WHY, what I meant is that you are not allowed to restrict information, depending on first wanting to know why. Information can be gotten easily everywhere and you just create a little road block that can be easily circumvented by the asker. So saying that, you won't stop somebody from doing hacking, if they want to and it is not that it is super secret knowledge that can only be gained by asking one person that can check the motives first. A person bent on black hat hacking/cracking will do it anyway, and might even fake their motives, saying that they need it for white hat hacking/cracking.
Quote:
So, in this scenario, what is your answer... Code:
OP: How do you crack a password?
Maybe we ought to move on? Nothing more to see here. I fear this will turn into one of those never ending posts.
Quote:
That is just as offensive (if not more so) as what you just objected to in the same post - being called "wrong". I will restrict information as I see fit, thank you. I'm a responsible adult who lives in the real world. EDIT: Just saw jefro's post above. Good idea.
Ok guys, I agree with you there, if somebody outs themselves as somebody that is purposefully going to hack a machine and commit a crime, of course I would not give them the information.
What I meant was and here I talk about ME, what I would do. I, of course, am not allowed to tell you what you should or shouldn't do, that is what a free society is too. So I want to take back my post, I did not intend to restrict anyone from restricting or not restricting any information. And it is offensive, you are right. I did not mean to say that, I wrote it wrong, don't know why it came out like that. What I meant was that in my view, "I", MYSELF would not make it depending on somebody answering my "why do you want to know?". If you chose to impose such a condition or qualifiers, you are of course free to do so. So no, we don't have to have an endless post, I admit the error in my post and apologize.
Let's just be as civil as we know how to be. :) Someone who asks a question like this could well be wearing a white hat. It's a legitimate question to want to know how a password is securely stored ... in a passwd file or its shadow, or in a database, and so forth. It's also legitimate to want to know more about differences, since there are many ways that passwords ... "authorization and authentication" in general ... might be handled on any given system.
If the password storage system is well designed, then a secret like fc683cd9ed1990ca2ea10b84e5e6fba048c24929 will be impenetrable, unless you know the secret secret, and nothing else will tell you what the secret is unless you know the secret or by chance happen to guess what secret the secret is. And so, it is no secret how the secret has been concealed. "Security through obscurity" is no adequate protection for any secret. (Which makes the secret that I have just concealed, above, so utterly secret that I am sure it would be impossible for anyone to guess.) ;) Incidentally, this is a fundamental reason why the best authorization/authentication systems do not rely upon passwords or "shared secrets" at all, but instead use cryptographically generated one-of-a-kind digital certificates that might then be enciphered by a password string, and perhaps also be required to be used in conjunction with some "two-factor identification" device like a random-number token or pass-card. The certificate, which is unique, traceable, and individually revokable, is what grants access. The password only makes it harder to use if stolen. And, if it is stolen, it can be rendered utterly useless in seconds. (Similar things can be done with good ol' ssh, although they are much more prone to tampering.)