LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-03-2007, 07:27 AM   #1
aml1973
LQ Newbie
 
Registered: Dec 2007
Posts: 1

Rep: Reputation: 0
Password Hash Query


I have to provide technical support to Linux based devices that run a MySQL database. These databases contain hashed passwords, and I've been trying to find out what algorithm is being used, so that I can easily pull the passwords without bothering the clients / customers themselves (the nature of the passwords is such that they're hardly closely guarded secrets). I've been very unsuccessful so far in finding out the "format" that they're contained in.

All I can tell you is that they're running kernel 2.4 and MySQL 4.0 (although I'm guessing that this is somewhat irrelevant) and the following (which is what I'm hoping will "tell all"): When I enter a password through the user interface of the machines, the passwords end up as the following:

password
m:pTSmp3qipzD=

LinuxQuestions.org
m:GTyhqKuEqJImqTyioaZho3Wa

administrator
m:LJEgnJ5cp3ElLKEipt==

abcdefghijkl
m:LJWwMTIzM2ucnzgf

I originally wondered if this was base64, but that's proved a total dead end... They don't seem to be "standard" MySQL 4.0 passwords, either. Any ideas? I'm hoping that this will be patently obvious to some of you... Passwords and security is really not my forte <blush>

Last edited by aml1973; 12-03-2007 at 07:29 AM. Reason: Smilies were creating havoc with some of the password hashes!
 
Old 12-03-2007, 07:50 AM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062
Probably the MySQL password statement?

Take a look at http://dev.mysql.com/doc/refman/4.1/...d-hashing.html and see if that helps you. Particularly, look at the links in the document for the password statement.

Could be that somebody wrote a little C program or function that uses the standard library crypt() function, but the MySQL password statement is more likely (and it uses crypt()). Take a look at the manual page in section 5 for passwd (man 5 passwd) for an explanation.

Hope this helps more than hurts.

Note the following; might be a good time to think about upgrading...
Quote:
End of Product Lifecycle. Active development and support for MySQL database server versions 3.23, 4.0, and 4.1 has ended. However, for MySQL 4.0 and 4.1, there is still extended support available. For details, see http://www.mysql.com/company/legal/lifecycle/#calendar. According to the MySQL Lifecycle Policy (see http://www.mysql.com/company/legal/lifecycle/#policy), only Security and Severity Level 1 issues will still be fixed for MySQL 4.0 and 4.1. Please consider upgrading to a recent version (MySQL 5.0 or 5.1).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
What is used to create the shadow password hash?? helptonewbie Linux - General 11 08-17-2009 02:02 AM
Possible to Query for Root Password with Shortcuts? Wheat_Thins Linux - Security 6 03-18-2006 09:18 AM
password hash storage (md5, sha1...) aneroid Programming 6 12-30-2005 10:27 PM
Change Password Hash Algorithm Trano Linux - Security 1 08-23-2005 07:48 AM
enabling blowfish password hash on RedHat linux appadesai Linux - General 0 04-05-2003 07:20 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration