LinuxQuestions.org
Old 02-10-2010, 05:01 AM   #1
m4rtin
Member
 
Registered: Sep 2007
Posts: 261

Rep: Reputation: 16
reverse engineer crypt(3) hash


I have generated a password hash using mkpasswd under Linux (the mkpasswd utility uses the crypt(3) C library function, which uses DES as a default if I'm correct). The hash of my password is hGHG8kqTlGTfQ. Is it possible to reverse engineer this hash back to my password?

How can this password hash be useful? I mean every time I generate a hash with the same password, the hash is different. For example all those hashes are generated with the same password: hGHG8kqTlGTfQ, TZB86wpkAMv3w, .VUzeoahYE2xU

All explanations are most welcome
 
Old 02-10-2010, 06:00 AM   #2
ozanbaba
Member
 
Registered: May 2003
Location: İzmir
Distribution: Slackware64 15.0 Multilib
Posts: 778

Rep: Reputation: 135
well man page says it creates random passwords automatically. so they are randomly created passwords.


and hash functions are completely deterministic so you can't get two different hashes from the same data unless there's something with the implementation, function or both.
 
0 members found this post helpful.
Old 02-10-2010, 10:41 AM   #3
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165
As per the crypt(3) man page about DES:
Code:
...
       salt is a two-character string chosen from the set [a-zA-Z0-9./].  This
       string  is used to perturb the algorithm in one of 4096 different ways.
...
       The returned value points to the encrypted password, a series
       of 13 printable ASCII characters (the first  two  characters  represent
       the salt itself).
...
Here are the hashes of your password, with the salt in bold type:
Code:
hGHG8kqTlGTfQ, TZB86wpkAMv3w, .VUzeoahYE2xU
To summarize, you have three different hashes of the same password because the salts are different. To answer another of your questions, hashes in general are a one-way mechanism: you cannot retrieve your password from a hash. You can infer this from the fact that there is only a finite number of hashes of a given type (DES, MD5, etc.) but a (theoretically) infinite number of passwords. DES has further limitations on the password length as explained in the man page.
 
1 members found this post helpful.
Old 02-10-2010, 04:52 PM   #4
ozanbaba
Member
 
Registered: May 2003
Location: İzmir
Distribution: Slackware64 15.0 Multilib
Posts: 778

Rep: Reputation: 135
that's not hash, that's not hash at all. hash functions are deterministic and they are created to give the same outcome at any time and at any computer. this is an important aspect of hash functions.

however randomly created salt is regularly used in encrypting anything. and still the mkpasswd man page says it creates passwords: "mkpasswd - generate new password, optionally apply it to a user". using DES to create them randomly is a simple way to do that.
 
Old 02-10-2010, 08:25 PM   #5
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165
Quote:
I mean every time I generate a hash with the same password, the hash is different.
ozanbaba, we may be discussing different things. i was only talking about password hashing (which is how i understood the statement above), not password generation, which i think is what you were talking about. if the question is one about password generation, then m4rtin should ignore my post.
 
Old 02-10-2010, 11:43 PM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,360

Rep: Reputation: 2751
Basically, what we've got is the same (clear-text) passwd being hashed 3 times, each time with a different salt, as pointed out above.
The result is 3 different hashes, stored with the (relevant) leading salt so that the OS can re-create the hash by taking the same salt and hashing it with the clear-text passwd.
In Unix, it's always done this way; the system does not even attempt to reverse the process, i.e. it compares the stored result with the generated hash at each login attempt.
 
Old 02-11-2010, 05:19 AM   #7
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
Code:
$ mkpasswd 1
CDtwLvTx6ySYc
$ mkpasswd 1
IpI5s.JwGI7A6
$ mkpasswd 1 Ip
IpI5s.JwGI7A6
It expects a 2-byte salt, which is the first 2 bytes of the newly generated hash.
Read the help and man pages carefully.
This is rough shell code describing a simple way in which a password can be verified.
Code:
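# Stored hash: the first two characters are the salt (traditional DES crypt).
STOREDPW='IpI5s.JwGI7A6'
printf 'Please enter the password: '
read -r USERPW
# Reuse the salt that is stored with the hash.
SALT=$(printf '%s' "$STOREDPW" | head -c 2)
# Hash the entered password with that salt.
# Note: a password passed as an argument is visible in the process list.
USERHASH=$(mkpasswd "$USERPW" "$SALT")
if [ "$USERHASH" = "$STOREDPW" ]; then
	echo Password verified.
	exit 0
fi
echo Password verification failed.
exit 1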
 
Old 02-11-2010, 05:28 AM   #8
eaglek1
LQ Newbie
 
Registered: Jan 2009
Posts: 5

Rep: Reputation: 2
If, for instance, you want to hash the password 'qwerty' with mkpasswd several times, you will get different hashes every time, because of the salt, as was previously stated.

If in some instance you want to generate the same hash twice for the same password, you need to force the salt to a value of your choice.
Something like this:

$> mkpasswd -S 10 , and then put 'qwerty'
you will always get '10KzyU/2omSCM'

You can see that the first 2 letters are the salt of your choice.

Just another hint, you can choose other methods of encryption like md5, sha-256, sha-512 just by using the -m parameter.


just h@ck1ng f0r fun!
eaglek1
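
Added example, not part of any post in this thread: a small Python parser that splits stored crypt(3) strings into method, salt and hash, run on the hashes quoted above. It goes beyond the DES case to the $1$, $5$ and $6$ prefixed formats that glibc crypt uses for the md5, sha-256 and sha-512 methods mentioned; the function names are illustrative.

```python
import re

# crypt(3) alphabet used for salts and encoded hash output.
B64 = r"[a-zA-Z0-9./]"

# Modular crypt ids (glibc) for the methods named in the thread.
MODULAR = {"1": "md5", "5": "sha-256", "6": "sha-512"}

DES_RE = re.compile(rf"^({B64}{{2}})({B64}{{11}})$")
MOD_RE = re.compile(rf"^\$([156])\$(?:rounds=(\d+)\$)?({B64}{{1,16}})\$({B64}+)$")


def parse_crypt(stored):
    """Split a stored crypt(3) string into method, salt, hash and rounds.

    Raises ValueError for anything that is not a recognised format.
    """
    m = DES_RE.match(stored)
    if m:
        # Traditional DES: 13 characters, the first two are the salt.
        return {"method": "des", "salt": m.group(1),
                "hash": m.group(2), "rounds": None}
    m = MOD_RE.match(stored)
    if m:
        ident, rounds, salt, digest = m.groups()
        if ident == "1" and rounds:
            raise ValueError("rounds= is only valid for ids 5 and 6")
        return {"method": MODULAR[ident], "salt": salt, "hash": digest,
                "rounds": int(rounds) if rounds else None}
    raise ValueError("not a recognised crypt(3) string: %r" % stored)


def same_salt(a, b):
    """True when both strings share method, salt and rounds, so that equal
    passwords would have produced identical stored strings."""
    pa, pb = parse_crypt(a), parse_crypt(b)
    keys = ("method", "salt", "rounds")
    return all(pa[k] == pb[k] for k in keys)


# The three hashes quoted in the thread, all made from one password.
THREAD_HASHES = ["hGHG8kqTlGTfQ", "TZB86wpkAMv3w", ".VUzeoahYE2xU"]

if __name__ == "__main__":
    for h in THREAD_HASHES:
        p = parse_crypt(h)
        print(h, "-> method", p["method"], "salt", p["salt"], "hash", p["hash"])
```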
 
Old 02-11-2010, 08:31 AM   #9
ozanbaba
Member
 
Registered: May 2003
Location: İzmir
Distribution: Slackware64 15.0 Multilib
Posts: 778

Rep: Reputation: 135
Quote:
Originally Posted by Berhanie
ozanbaba, we may be discussing different things. i was only talking about password hashing (which is how i understood the statement above), not password generation, which i think is what you were talking about. if the question is one about password generation, then m4rtin should ignore my post.
hashing is a completely different thing from what you are discussing. you are both discussing encryption which is what crypt does. one can use it to create a random password or encrypt a password.
 
Old 02-14-2010, 05:30 PM   #10
m4rtin
Member
 
Registered: Sep 2007
Posts: 261

Original Poster
Rep: Reputation: 16
Thank you all for the discussion! Now I understand how the mkpasswd utility works (+ hashing and salting).

PS Web31337, nice script, but is there a possibility to hide stdin appearing in the terminal window when the user is typing in USERPW?
 
Old 02-14-2010, 05:50 PM   #11
cantab
Member
 
Registered: Oct 2009
Location: England
Distribution: Kubuntu, Ubuntu, Debian, Proxmox.
Posts: 553

Rep: Reputation: 115
Quote:
Originally Posted by m4rtin
The hash of my password is hGHG8kqTlGTfQ. Is it possible to reverse engineer this hash back to my password?
Only by brute force - trying all possible passwords until a match is obtained. The 'salting' described serves to increase the difficulty of such a brute-force search, by requiring the attacker to run crypt on each password 4096 times, once for each possible salt.

The brute force search can - and usually will - be limited by considering only lowercase, or by using a dictionary search, or other methods that assume the password chosen is not fully random.

The nature of a hash function is such that multiple passwords could lead to the same hash. Any of these passwords could be used to log in. Which one is 'correct' can be inferred as it will be the one with a sensible length and possibly a pattern. Of course, that only matters if you've used the password elsewhere, which you're not supposed to do - but almost everyone does.
 
1 members found this post helpful.
  

