[TriLUG] Need to compare pw's

Andrew Perrin clists at perrin.socsci.unc.edu
Mon Feb 12 23:30:52 EST 2007 

I think you're SOL. The password is a one-way encryption -- there's 
(theoretically) no way to go from the hash to a password, only from the 
password to the hash. So you can confirm a guess but not gain a password. 
(Note that this is closely related to the fact that /etc/passwd is *world 
readable*!!! by default, which would of course be a horrible idea if you 
could learn the password from the hash.)

More here: http://www.nmrc.org/pub/faq/hackfaq/hackfaq-28.html

Andy

----------------------------------------------------------------------
Andrew J Perrin - andrew_perrin (at) unc.edu - http://perrin.socsci.unc.edu
Assistant Professor of Sociology; Book Review Editor, _Social Forces_
University of North Carolina - CB#3210, Chapel Hill, NC 27599-3210 USA
New Book: http://www.press.uchicago.edu/cgi-bin/hfs.cgi/00/178592.ctl



On Mon, 12 Feb 2007, Roy Vestal wrote:

> That's the issue. Some will, some won't.  :-/
>
> Warren Myers wrote:
>> if they're using the same salt, it's a cinch - strait up string comparison
>> 
>> if it's different, I don't know
>> 
>> WMM
>> 
>> On 2/12/07, Roy Vestal <rvestal at trilug.org> wrote:
>>> 
>>> Folks,
>>>   I need to compare passwords among differing *nix boxes. I need to
>>> verify the different hashes on the boxes and determine if they are the
>>> same or different. *I do NOT need to crack them!!*
>>> 
>>> Does anyone know a simple procedure on comparing 2 passwords using the
>>> hashes? I can sed/grep/awk whatever to get the hashes out of the
>>> password files (names will *not* be given here for security purposes),
>>> but I'm not sure is a simple "if [ $a ne $b ] then..." will work.
>>> 
>>> TIA,
>>> Roy
>>> -- 
>>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>> 
>> 
>> 
>> 
>
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>

More information about the TriLUG mailing list