What is MD5 encryption used in Linux?

linuxharsha · 01-12-2004, 10:15 PM

Hi all,
what is MD5 encryption used in Linux?

I use RedHat 9.0. What happens if I deselect the "use(enable) MD5 encryption" option during the installation of RedHat Linux?

Is there any way that I can decrypt an MD5 password? Because, I want to write a simple JAVA application that lets a user login the RedHat system. Is that possible? Can anybody help me in this regard?

Thank you,
Harsha.

chort · 01-12-2004, 11:35 PM

MD5 is just a replacement for DES as the password hashing mechanism. No, you cannot decrypt MD5 hashed values, that's the whole point! If you could, it would make password hashing worthless.

What you can do is take user input and MD5 it, then compare that to the hash in /etc/shadow. You do need to be root to read /etc/shadow, though. I sure wouldn't recommend running any Java apps as root.

jschiwal · 01-12-2004, 11:40 PM

The MD stands for Message Digest. It is a way of authenticating that the RPM files haven't been altered. It would be very difficult for someone to alter a file and have it produce an identical MD5 signiture.

chort · 01-13-2004, 02:03 AM

Quote:

It is a way of authenticating that the RPM files haven't been altered.

It's used for a lot more than RPM validation. I'm very certain the message he was asking about relates to the shadow password hashing any way, not to RPM validation. In any case, MD5 is just a cryptographical checksum hashing algorithm.

jschiwal · 01-13-2004, 08:25 PM

My bad!

I thought that the option he was talking about, was whether md5 sums were verified during the install process (such as a network install), rather than whether they were used by a PAM module. It seemed to me like a two part question.

I suppose that the best general advise on his password question is to use the best standard method of authentication, and don't monkey with it unless you are a security expert, who knows that you are not introducing problems. Someone a lot more knowledgeable then myself.