On Tue, 18 Aug 1998, George Bonser wrote: > On Wed, 19 Aug 1998, Michael Beattie wrote: > > > 2) obtain by whatever method, the hashed/encrypted/whatever password from > > /etc/shadow. > > > > Stop right there. Since /etc/shadow is readable only by root, if you can > access the file, you must be root .... right? If you are root, you do not > NEED a password to access a user's account. You can just become that user. > You can also create your own user accounts. You can also change the root > and user passwords or delete the passwords. > > In other words ... the whole point is to protect root and keep /etc/shadow > readable only by root. If you can read the shadow file, you don't need it.
Okay, true, but it was more of a feasability question, "if you can get the string, is it possible to use the following method to decrypt it??" Michael Beattie ([EMAIL PROTECTED]) PGP Key available, reply with "pgpkey" as subject. ----------------------------------------------------------------------------- There is no snooze button on a cat who wants breakfast. ----------------------------------------------------------------------------- Debian GNU/Linux.... Ooohh You are missing out!