On Aug 10, 11:15am, sinck@owmyeye.ugive.com wrote:
> \_ If you're using MD5 passwords in Linux' /etc/shadow,
> \_ then you'll need to run "crack" on your old hashed
> \_ passwords to convert them to cleartext, and...
>
> But that'll be processor intensive and fail because all of the users
> will have picked secure passwords, right? :-)

Even if they weren't secure passwords, the conversion from cleartext to
encrypted text represents a many-to-one mapping (1), so we can't be sure
that crack would find the user's actual password. This might not matter
if you continue to use the same algorithm to regenerate a new password,
but surely the use of a different algorithm would cause difficulties.

In any event, I agree with you. `crack' is too computationally
expensive, plus there's no guarantee that it'll find the correct
password, or even any password.

(1) Actually, the mapping is many-to-many due to the "salt" in the
encrypted password. I believe this was done to reduce the likelihood of
two people with identical passwords having the same (encrypted) password
in the passwd database.
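
Added example, not part of the original message: a Python sketch of the two points above, that a guess matching the stored hash need not be the user's password (so it stops matching under a different algorithm), and that a salt makes identical passwords hash differently. The schemes, salts and passwords are constructed for illustration and are not the real crypt(3) algorithms; the "old" hash is deliberately truncated to one byte so that collisions show up, whereas with a full-length digest such collisions are not found in practice.

```python
import hashlib

def salted_md5(salt: bytes, password: str) -> bytes:
    # Full-length salted digest: MD5(salt || password). Toy construction.
    return hashlib.md5(salt + password.encode()).digest()

def old_hash(salt: bytes, password: str) -> bytes:
    # Toy "old" scheme: the digest cut down to ONE byte, so that many
    # passwords share a hash (the many-to-one mapping, made visible).
    return salted_md5(salt, password)[:1]

def new_hash(salt: bytes, password: str) -> bytes:
    # Toy "new" scheme the site wants to migrate to: SHA-256(salt || password).
    return hashlib.sha256(salt + password.encode()).digest()

def recover_candidate(salt: bytes, stored: bytes):
    # Stand-in for a guessing tool: it only sees the salt and the stored
    # hash, and returns the first guess that reproduces that hash.
    for i in range(20000):
        guess = f"guess{i}"
        if old_hash(salt, guess) == stored:
            return guess
    return None

def migration_demo(actual: str = "correct horse", salt: bytes = b"ab") -> dict:
    stored_old = old_hash(salt, actual)           # what the old shadow file holds
    found = recover_candidate(salt, stored_old)   # what the guessing tool reports
    if found is None:
        return {"found": None, "old_match": False, "new_match": False}
    return {
        "found": found,
        # The guess verifies against the old hash ...
        "old_match": old_hash(salt, found) == stored_old,
        # ... but re-hashing it with the new scheme does not give the value
        # the user's real password would produce, so their login would fail.
        "new_match": new_hash(salt, found) == new_hash(salt, actual),
    }

def same_password_different_salts(password: str = "letmein") -> bool:
    # Footnote (1): two accounts, same password, different salts.
    return salted_md5(b"ab", password) != salted_md5(b"cd", password)

if __name__ == "__main__":
    print(migration_demo())
    print("salts separate identical passwords:", same_password_different_salts())
```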