Re: [TriLUG] Need to compare pw's

Mon, 12 Feb 2007 20:31:14 -0800

I think you're SOL. The password is a one-way encryption -- there's (theoretically) no way to go from the hash to a password, only from the password to the hash. So you can confirm a guess but not gain a password. (Note that this is closely related to the fact that /etc/passwd is *world readable*!!! by default, which would of course be a horrible idea if you could learn the password from the hash.) 

More here: http://www.nmrc.org/pub/faq/hackfaq/hackfaq-28.html

Andy

----------------------------------------------------------------------
Andrew J Perrin - andrew_perrin (at) unc.edu - http://perrin.socsci.unc.edu
Assistant Professor of Sociology; Book Review Editor, _Social Forces_
University of North Carolina - CB#3210, Chapel Hill, NC 27599-3210 USA
New Book: http://www.press.uchicago.edu/cgi-bin/hfs.cgi/00/178592.ctl



On Mon, 12 Feb 2007, Roy Vestal wrote:


That's the issue. Some will, some won't.  :-/

Warren Myers wrote:

if they're using the same salt, it's a cinch - strait up string comparison

if it's different, I don't know

WMM

On 2/12/07, Roy Vestal <[EMAIL PROTECTED]> wrote:


Folks,
  I need to compare passwords among differing *nix boxes. I need to
verify the different hashes on the boxes and determine if they are the
same or different. *I do NOT need to crack them!!*

Does anyone know a simple procedure on comparing 2 passwords using the
hashes? I can sed/grep/awk whatever to get the hashes out of the
password files (names will *not* be given here for security purposes),
but I'm not sure is a simple "if [ $a ne $b ] then..." will work.

TIA,
Roy
--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/







--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/


--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/

Reply via email to