Can root view other users' passwords?
I'm just wondering if you can see other users' passwords when you're logged in as root. I know you can change their passwords if you want, but can you actually view them? Thanks.
lasindi |
I don't believe so, linux passwords are stored in a one way enrypted form (DES) - sure you could view the encrypted passwords, but to decrypt them by bruteforcing could take a VERY long time.
Steve |
yes, root can surely view /etc/shadow but since the passwords are stored in an encrypted form (MD5), (s)he would not be able to get the clear text form without some tool.
As root can #su - <username> (s)he would hardly require a user password. If a user has the same password on all the systems (s)he uses, and root of one system does not have any rights on other systems and this root does not bear the best of character, (s)he *may* be able to extract the clear text password of a target user to gain access to the other system. (Is that a bit confusing?) Again, as pointed in the earlier post, this password extraction activity (to my belief) is time consuming. |
The only way to view the passwords would be to decrypt the password file, good luck!
|
there are lists of all the possible encryptions for every word in a dictionary that people can use to decrypt a password, so if there pass is a dictionary word it would be possible if you have such a list in your possession
|
All times are GMT -5. The time now is 02:11 AM. |