LinuxQuestions.org

LinuxQuestions.org (http://www.linuxquestions.org/questions/index.php)
-   Linux - General (http://www.linuxquestions.org/questions/forumdisplay.php?f=1)
-   -   decrypt linux passwords (http://www.linuxquestions.org/questions/showthread.php?t=4175437758)

unixedway 11-19-2012 02:27 AM

decrypt linux passwords
 
Is ther anyway to decrypt the passwords in /etc/shadow ? if i have a root password and i want to know some users passwords .
Iam asking this not to know people passwords but i need to migrate old imap mail system to another one and the migration tool needs the mailbox username and password.
i found some info that stats linux using irreversible DES algorithm .any ideas?

Thank you

pan64 11-19-2012 03:04 AM

I think there is no such tool, so you cannot recover password from /etc/shadow

Wim Sturkenboom 11-19-2012 05:17 AM

Passwords are hashed (you can see it as one way encryption) before they are stored. There is no way to reverse the process except with brute force.

There is no need for you to know their passwords. You can always become the specific user once you're root.

And 'cracking' user's passwords is an abuse of your root powers.

unixedway 11-19-2012 05:56 AM

as i said in my post i need to migrate from old mail system to another and the migration needs password to access the user cyrus mailbox


Quote:

Originally Posted by Wim Sturkenboom (Post 4832477)
Passwords are hashed (you can see it as one way encryption) before they are stored. There is no way to reverse the process except with brute force.

There is no need for you to know their passwords. You can always become the specific user once you're root.

And 'cracking' user's passwords is an abuse of your root powers.


pan64 11-19-2012 06:00 AM

ask users to save their mails, you will not be able to migrate them (if the old system is not fully compatible with the new one)

unixedway 11-19-2012 06:14 AM

Quote:

Originally Posted by pan64 (Post 4832495)
ask users to save their mails, you will not be able to migrate them (if the old system is not fully compatible with the new one)

There is a migration tool but need passwords, yes its not compatible the old one is cyrus and postfix and the new is zimbra , iam just trying to make things easer for users , i hope they can to the new system and find everything as it is , and the big problem is i cant export the users passwords to the new mail coz zimbra uses ldap i have to give them new passwords :( , i think its realy bad for large sites

sundialsvcs 11-19-2012 06:52 AM

You ought to be able to migrate the data by accessing the storage database of that IMAP server directly.

Or, perhaps you can show users how to "push" their mailbox contents into your new server.

Perhaps you can "force-change" their passwords on the old system if it is now permanently offline. If it is not, then in any case you will have to in some way cooperate with them.

wpeckham 11-19-2012 04:38 PM

Passwords
 
That hash is a B1T(H to break, it can take months of continuous processing (and then the result is not assured). Do not waste your time.

If the users are not yet on the second system, and the crypt libs are compatible, migrate the account INCLUDING the passwords from the old server to the new. While you cannot break the hash, you CAN copy it and use it to load the new system! (I will not tell you how old this trick is, but the guy that taught it to me has retired for more than 20 years!)

foodown 11-19-2012 04:45 PM

Quote:

Originally Posted by unixedway (Post 4832396)
Is ther anyway to decrypt the passwords in /etc/shadow ? if i have a root password and i want to know some users passwords .
Iam asking this not to know people passwords but i need to migrate old imap mail system to another one and the migration tool needs the mailbox username and password.
i found some info that stats linux using irreversible DES algorithm .any ideas?

Thank you

You should not do that.

How many users are we talking about?

You could always (during a window where the services were made inaccessible) make a copy of the shadow file, then remove the hashes entirely (which will make their passwords ""), do your migrations, and then put the original shadow file back into place.

It's a pretty jank way to do it, but it'd work.

(EDIT: Cracking passwords, even for arguably "well meaning" reasons, is unethical; it doesn't stand up to the test of reciprocity, at least not from over here.)


All times are GMT -5. The time now is 09:41 AM.