Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Any type of password cracking which uses guessing (this includes both brute force and dictionary) is NOT doing anything in reverse. It's the exact same operation which was done when the original password hash was originally created, the difference being that you're doing it a gazillion times and the resulting hash of each guess is compared to see if it matches the original one. It's not reversal, the direction remains the same. You're just doing tons of comparison.
Fine. I don't want to argue semantics. The admin wanted to know the password. This technique (not a reversal, according to you) will give it to him.
Good grief! All this arguing about cracking passwords and LQ rules, when all the OP has to do is change the password and notify the user what his new password is.
The usual statute of limitations applies; how long has that been unsupported?
Quote:
i want to get a passwrod for a user not root and not changing it ...
Given that, technically, you can't get back the password with certainty (you can get something that has a strong possibility of being the password, particularly with weak passwords, but that isn't certainty) the usual approach is to say to the user 'here is your new temporary password, now change it to something that you would like...and check that they have actually changed it.
What comes to mind is the old Rolling Stones song 'You can't always get what you want (particularly when it is computationally unfeasibly), but you might just find, if you try sometimes, you can get what you need'.
Good grief! All this arguing about cracking passwords and LQ rules, when all the OP has to do is change the password and notify the user what his new password is.
Right, but the OP actually specified that he did NOT want to do that.
Quote:
Originally Posted by mrlinux2000
i want to get a passwrod for a user not root and not changing it ...
This, of course, puts an interesting spin on things.
Right, but the OP actually specified that he did NOT want to do that.
I've never been accused of giving the user what he wants when some other response would be better. I've always felt that if the user knew the proper solution, he wouldn't need to ask the question.
I've never been accused of giving the user what he wants when some other response would be better. I've always felt that if the user knew the proper solution, he wouldn't need to ask the question.
At this point, I would like to remind everyone that providing assistance with cracking is not allowed here at LQ. Any member who goes down that path will be in violation of the LQ Rules. We are therefore unable to help the OP with running the hash through a password cracker, and the question of why exactly he is unable/unwilling to change the password must be raised.
I've never been accused of giving the user what he wants when some other response would be better. I've always felt that if the user knew the proper solution, he wouldn't need to ask the question.
OK. Maybe he didn't ask the right question?
Maybe he's concerned that the user used a weak password and therefore his question should have been "How do I enforce tougher password policies?"
I suppose it could be for illegal purpose too. If you suspect that I might have used the same password on my bank account, then he asked the right question and it's the hapless user who needs education.
Maybe it was just curiosity.
Maybe he has reason to login as that user and doesn't know about "su - username" - again, wrong question.
Maybe it was a homework question, better cloaked than most.
Maybe, maybe. I think people deserve full answers. Sometimes we get a clue that they might be asing the wrong question and I think it's worth exploring that too, if for no other reason than the edification of another reader.
But... it's not my forum. I don't set the rules or the tone.
But that does not help if the user has lost his/her password......
It wasn't clear to me if the user lost their password or if the OP being an admin had inadvertently blown it away and was trying to restore it to what it had been before.
If they don't know the original password and don't have the encrypted password it seems only psychic powers or a time machine would get it back.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.