Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-03-2007, 07:27 AM   #1
LQ Newbie
Registered: Dec 2007
Posts: 1

Rep: Reputation: 0
Password Hash Query

I have to provide technical support to Linux based devices that run a MySQL database. These databases contain hashed passwords, and I've been trying to find out what algorithm is being used, so that I can easily pull the passwords without bothering the clients / customers themselves (the nature of the passwords is such that they're hardly closely guarded secrets). I've been very unsuccessful so far in finding out the "format" that they're contained in.

All I can tell you is that they're running kernel 2.4 and MySQL 4.0 (although I'm guessing that this is somewhat irrelevant) and the following (which is what I'm hoping will "tell all"): When I enter a password through the user interface of the machines, the passwords end up as the following:




I originally wondered if this was base64, but that's proved a total dead end... They don't seem to be "standard" MySQL 4.0 passwords, either. Any ideas? I'm hoping that this will be patently obvious to some of you... Passwords and security is really not my forte <blush>

Last edited by aml1973; 12-03-2007 at 07:29 AM. Reason: Smilies were creating havoc with some of the password hashes!
Old 12-03-2007, 07:50 AM   #2
Senior Member
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062
Probably the MySQL password statement?

Take a look at and see if that helps you. Particularly, look at the links in the document for the password statement.

Could be that somebody wrote a little C program or function that uses the standard library crypt() function, but the MySQL password statement is more likely (and it uses crypt()). Take a look at the manual page in section 5 for passwd (man 5 passwd) for an explanation.

Hope this helps more than hurts.

Note the following; might be a good time to think about upgrading...
End of Product Lifecycle. Active development and support for MySQL database server versions 3.23, 4.0, and 4.1 has ended. However, for MySQL 4.0 and 4.1, there is still extended support available. For details, see According to the MySQL Lifecycle Policy (see, only Security and Severity Level 1 issues will still be fixed for MySQL 4.0 and 4.1. Please consider upgrading to a recent version (MySQL 5.0 or 5.1).


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
What is used to create the shadow password hash?? helptonewbie Linux - General 11 08-17-2009 02:02 AM
Possible to Query for Root Password with Shortcuts? Wheat_Thins Linux - Security 6 03-18-2006 09:18 AM
password hash storage (md5, sha1...) aneroid Programming 6 12-30-2005 10:27 PM
Change Password Hash Algorithm Trano Linux - Security 1 08-23-2005 07:48 AM
enabling blowfish password hash on RedHat linux appadesai Linux - General 0 04-05-2003 07:20 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:31 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration