Miguel G. enscribed thusly:
> Hi!
> Could anyone help me on this? :
> I need to know how to retrive cipher text from plain (right as in
> /etc/passwd) but there is a salt which I don't know how complete, could
> any one help me?
Huh? I'm not quite sure what you mean here. Do you mean you
want to take the plain text password and convert it into the password
hash (it's NOT a cyphertext) that's stored in the password file so you
can match the original hash?
Plaintext -> password hash
If so, the salt that was used previously is the first two characters
of the hashed password in the password file (assuming you are not using
MD5 hashing and assuming that you are not using shadow passwords). It's
a 12 bit value from the low 6 bits of those first two characters, running
from 0-4096.
The only question then is "why?".
If you are trying to confirm passwords, use the pam (plugable
authentication modules) routines to match passwords. That will work
with standard passwd file entries, shadow password entries, MD5 hashed
(long password) entries, NIS entries, Kerberos entries, etc, etc...
If you roll your own, you'll only be compatible with low security simple
/etc/passwd type systems, which SUCK.
If you are really trying to go the other way...
Password hash -> Plain text
For-get-it... The algorithm is a hashing algorithm and is
non-reversible. The password is a key which is used to encrypt a known
value along with the salt. The "key" is not reversible from the resulting
output value. The best you can do is brute force.
If you are trying to create some super password brute forcer, look
at Crack or John the Ripper. I seriously doubt you will be able to do much
better that those two (they're quite spooky of their own rights).
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
