Re: shadow file

• Previous message: Marian Stepka: "DRP plan samples..."
• In reply to: Frank: "shadow file"
• Next in thread: Justins local account: "Re: shadow file"
• Reply: Justins local account: "Re: shadow file"
• Reply: Lensman: "Re: shadow file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 8 Dec 2004 17:11:22 GMT

In article <cp6ki9$je4$05$1@news.t-online.com>, Frank <lol@privacy.net> wrote:
:i'd like to see if it's possible to decode this file....

:root:$1$BZftq3sP$xEeZmr2fGEnKjVAxzj/o51:12747:0:99999:7:::

That looks like a standard /etc/shadow line in an OS that allows
the glibc extensions to encrypted passwords. According to

http://unixhelp.ed.ac.uk/CGI/man-cgi?crypt+3

  GNU EXTENSION

  The glibc2 version of this function has the following additional fea-
  tures. If salt is a character string starting with the three charac-
  ters "$1$" followed by at most eight characters, and optionally termi-
  nated by "$", then instead of using the DES machine, the glibc crypt
  function uses an MD5-based algorithm, and outputs up to 34 bytes,
  namely "$1$<string>$", where "<string>" stands for the up to 8 charac-
  ters following "$1$" in the salt, followed by 22 bytes chosen from the
  set [a-zA-Z0-9./]. The entire key is significant here (instead of only
  the first 8 bytes).

Thus, in order to decode the password, one would have to find a
password whose MD5 was represented in base64 as xEeZmr2fGEnKjVAxzj/o51 .

MD5 is a 128 bit hash, so brute force would require an
average of 2^127 operations to find a match. That's a lot of
computation.

There are services which are generating pretty much all 8 bit
lowercase + digit plaintexts and using MD5 to encrypt them and
saving the result, but these services don't work with the "salted"
MD5 of shadow password files.

http://passcracking.com/

-- 
   *We* are now the times.                  -- Wim Wenders (WoD)

• Previous message: Marian Stepka: "DRP plan samples..."
• In reply to: Frank: "shadow file"
• Next in thread: Justins local account: "Re: shadow file"
• Reply: Justins local account: "Re: shadow file"
• Reply: Lensman: "Re: shadow file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: shadow file ... :i'd like to see if it's possible to decode this file.... ... the glibc extensions to encrypted passwords. ... ters "$1$" followed by at most eight characters, ... MD5 is a 128 bit hash, so brute force would require an ... (comp.security.misc) Re: shadow file ... :i'd like to see if it's possible to decode this file.... ... the glibc extensions to encrypted passwords. ... ters "$1$" followed by at most eight characters, ... MD5 is a 128 bit hash, so brute force would require an ... (comp.os.linux.security) Re: shadow file ... roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote: ... >:i'd like to see if it's possible to decode this file.... ... >the glibc extensions to encrypted passwords. ... >MD5 of shadow password files. ... (comp.security.misc) Re: shadow file ... roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote: ... >:i'd like to see if it's possible to decode this file.... ... >the glibc extensions to encrypted passwords. ... >MD5 of shadow password files. ... (comp.os.linux.security) Re: shadow file ... roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote: ... >:i'd like to see if it's possible to decode this file.... ... >the glibc extensions to encrypted passwords. ... >MD5 of shadow password files. ... (comp.security.unix)