On 13/03/18 09:47 AM, to...@tuxteam.de wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Mar 13, 2018 at 05:25:18PM +0100, Sven Hartge wrote:
Adam Weremczuk wrote:
I think it was me invoking "passwd" as root and aborting (ctrl+D)
without making any changes. Would that be enough
On 14/03/18 09:20, to...@tuxteam.de wrote:
> On Tue, Mar 13, 2018 at 07:36:19PM +0100, Sven Hartge wrote:
>
>> But on that note: I wonder of one could create a PAM module which will
>> do just that on successful login. Once you *know* you have the right
>> password (and the PAM system has that kno
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Mar 13, 2018 at 07:36:19PM +0100, Sven Hartge wrote:
> to...@tuxteam.de wrote:
[...]
> > Well, to be fair, the change to SHA-1 is because you can "reverse" MD5
> > all too easily
>
> Yes, basically.
>
> > But I don't think your operating s
to...@tuxteam.de wrote:
> On Tue, Mar 13, 2018 at 05:25:18PM +0100, Sven Hartge wrote:
>> Adam Weremczuk wrote:
>>> I think it was me invoking "passwd" as root and aborting (ctrl+D)
>>> without making any changes. Would that be enough to update the
>>> shadow file?
>> No.
>>
>> You can't reve
On Tue 13 Mar 2018 at 15:18:35 (+), Adam Weremczuk wrote:
> Hi all,
>
> I've just spotted that on one of my old wheezy servers root entry in
> /etc/shadow was updated just over 3 weeks ago.
Take a look at the end of a file and see if a new user/system account
has been added recently when you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Mar 13, 2018 at 05:25:18PM +0100, Sven Hartge wrote:
> Adam Weremczuk wrote:
>
> > I think it was me invoking "passwd" as root and aborting (ctrl+D)
> > without making any changes. Would that be enough to update the shadow
> > file?
>
> No.
Quite possibly I changed it to the same password.
Not sure now as it was almost a month ago but can't find any better
explanation.
Of course hashes are meant to be irreversible.
I guess I'm trying to catch my own shadow ;)
On 13/03/18 16:19, to...@tuxteam.de wrote:
Still strange. Are you sure
Adam Weremczuk wrote:
> I think it was me invoking "passwd" as root and aborting (ctrl+D)
> without making any changes. Would that be enough to update the shadow
> file?
No.
You can't reverse a hash and to generate a new hash the code needs the
password for the user in plain.
Grüße,
Sven.
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Mar 13, 2018 at 04:01:52PM +, Adam Weremczuk wrote:
> I think it was me invoking "passwd" as root and aborting (ctrl+D)
> without making any changes.
> Would that be enough to update the shadow file?
Hm. That depends on which point you inv
I think it was me invoking "passwd" as root and aborting (ctrl+D)
without making any changes.
Would that be enough to update the shadow file?
On 13/03/18 15:47, to...@tuxteam.de wrote:
What I don't understand is how the system changed the hashing
method without getting you involved. You don't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Mar 13, 2018 at 03:18:35PM +, Adam Weremczuk wrote:
> Hi all,
>
> I've just spotted that on one of my old wheezy servers root entry in
> /etc/shadow was updated just over 3 weeks ago.
>
> The root password is still the same and the lastch
Hi all,
I've just spotted that on one of my old wheezy servers root entry in
/etc/shadow was updated just over 3 weeks ago.
The root password is still the same and the lastchanged count is much
higher than 3 weeks.
The difference I've noticed is the hashed password string being much longer.
12 matches
Mail list logo