Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have generated a password hash using mkpasswd under Linux(mkpasswd utility uses crypt(3) C library function, which uses DES as a default if I'm correct). The hash of my password is hGHG8kqTlGTfQ. Is it possible to reverse engineer this hash back to my password?
How can this password hash be useful? I mean every time I generate a hash with the same password, the hash is different. For example all those hashes are generated with the same password: hGHG8kqTlGTfQ, TZB86wpkAMv3w, .VUzeoahYE2xU
well man page says it creates random passwords automatically. so they are randomly created passwords.
and hash functions are completely deterministic so you can't get two diffirent hash from same data unless
there's some thing with implantation, function or both.
...
salt is a two-character string chosen from the set [a–zA–Z0–9./]. This
string is used to perturb the algorithm in one of 4096 different ways.
...
The returned value points to the encrypted password, a series
of 13 printable ASCII characters (the first two characters represent
the salt itself).
...
Here are the hashes of your password, with the salt in bold type:
Code:
hGHG8kqTlGTfQ, TZB86wpkAMv3w, .VUzeoahYE2xU
To summarize, you have three different hashes of the same password because the salts are different. To answer another of your questions, hashes in general are a one-way mechanism: you cannot retrieve your password from a hash. Your can infer this from the fact that there is only a finite number of hashes of a given type (DES, MD5, etc) but a (theoretically) infinite number of passwords. DES has further limitations on the password length as explained in the man page.
that's not hash, that's not hash at all. hash functions are deterministic and they are created to give the same outcome at any time and at any computer. this is important aspect of hash functions.
however randomly created salt is regularly used in encrypting anything. and still mypasswd man pages says it creates passwords " mkpasswd - generate new password, optionally apply it to a user". using DES to create them randomly is simple way to do that.
I mean every time I generate a hash with the same password, the hash is different.
ozanbaba, we may be discussing different things. i was only talking about password hashing (which is how i understood the statement above), not password generation, which i think is what you were talking about. if the question is one about password generation, then m4rtin should ignore my post.
Basically, what we've got is the same (clear-text) passwd being hashed 3 times, each time with a different salt, as pointed out above.
The result is 3 different hashes, stored with the (relevant) leading salt so that the OS can re-create the hash by taking the same salt and hashing it with the clear-text passwd.
In Unix, its always done this way; the system does not even attempt to reverse the process ie it compares the stored result with the generated hash at each login attempt.
It expects 2-byte salt, which is 2 first bytes of newly generated hash.
Read help and mans carefully.
This is a rough shell code describing the simple way in which password can be verified.
Code:
STOREDPW=IpI5s.JwGI7A6
echo -n 'Please enter the password: '
read USERPW
SALT=`echo $STOREDPW | head -c 2`
USERPW=`mkpasswd $USERPW $SALT`
if [ $USERPW = $STOREDPW ]; then
echo Password verified.
exit 0
fi
echo Password verification failed.
exit 1
if for instance you want to hash the password 'qwerty' with mkpasswd several times, you will have different hashes every time. Because of the salt, as was previously stated.
If for some instance you want to generate the same hash twice for the same password you need to force the salt for a value of your choice.
Something like this:
$> mkpasswd -S 10 , and then put 'qwerty'
you will always get '10KzyU/2omSCM'
You can see that the first 2 letters are the salt of your choice.
Just another hint, you can choose other methods of encryption like md5, sha-256, sha-512 just by using the -m parameter.
ozanbaba, we may be discussing different things. i was only talking about password hashing (which is how i understood the statement above), not password generation, which i think is what you were talking about. if the question is one about password generation, then m4rtin should ignore my post.
hashing is completely different thing from what you are discussing. you are both discussing encryption which is what crypt does. one can use it to create a random password or encrypt a password.
The hash of my password is hGHG8kqTlGTfQ. Is it possible to reverse engineer this hash back to my password?
Only by brute force - trying all possible passwords until a match is obtained. The 'salting' described serves to increase the difficulty of such a brute-force search, by requiring the attacker to run crypt on each password 4096 times, once for each possible salt.
The brute force search can - and usually will - be limited by considering only lowercase, or by using a dictionary search, or other methods that assume the password chosen is not fully random.
The nature of a hash function is such that multiple passwords could lead to the same hash. Any of these passwords could be used to log in. Which one is 'correct' can be inferred as it will be the one with a sensible length and possibly a pattern. Of course, that only matters if you've used the password elsewhere, which you're not supposed to do - but almost everyone does.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.