passwd files (solved sort of)

Author: Kevin Buettner kev@primenet.com
Date:  
Subject: passwd files (solved sort of)
On Aug 10, 11:15am, wrote:

> _ If you're using MD5 passwords in Linux' /etc/shadow,
> _ then you'll need to run "crack" on your old hashed
> _ passwords to convert them to cleartext, and...
>
> But that'll be processor intensive and fail because all of the users
> will have picked secure passwords, right? :-)


Even if they weren't secure passwords, the conversion from cleartext
to encrypted text represents a many-to-one mapping (1), so we can't be
sure that crack would find the user's actual password. This might not
matter if you continue to use the same algorithm to regenerate a new
password, but surely the use of a different algorithm would cause
difficulties.

In any event, I agree with you. `crack' is too computationally
expensive, plus there's no guarantee that it'll find the correct
password, or even any password.

(1) Actually, the mapping is many-to-many due to the "salt" in the
encrypted password. I believe this was done to reduce the
likelihood of two people with identical passwords having the same
(encrypted) password in the passwd database.
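
The salt behaviour described in footnote (1), and the reason a stored hash cannot be converted to a different algorithm without the cleartext, shown as an added example that is not part of the original message. PBKDF2 from Python's `hashlib` stands in for crypt(3); the scheme names `demo-a`/`demo-b`, the `$scheme$salt$digest` field layout and the function names are assumptions made for this illustration, and re-hashing at login is one common way around the conversion problem, not something proposed in the thread.

```python
import hashlib
import hmac
import os

# Hypothetical scheme names mapped to hashlib digests; stand-ins for crypt(3) algorithms.
SCHEMES = {"demo-a": "sha256", "demo-b": "sha512"}
ITERATIONS = 10_000  # kept low so the example runs quickly


def make_entry(password, scheme, salt=None):
    """Return a shadow-style field '$scheme$salt$digest' (layout constructed for this example)."""
    salt = salt if salt is not None else os.urandom(8)
    digest = hashlib.pbkdf2_hmac(SCHEMES[scheme], password.encode(), salt, ITERATIONS)
    return f"${scheme}${salt.hex()}${digest.hex()}"


def verify(password, entry):
    """Re-derive the digest with the scheme and salt stored in the entry, then compare."""
    _, scheme, salt_hex, _ = entry.split("$")
    candidate = make_entry(password, scheme, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, entry)


def login_and_migrate(password, entry, new_scheme):
    """Return the entry to store after a login attempt, or None if the password is wrong.

    The stored digest cannot be translated between schemes; the cleartext is only
    available while the user is logging in, so that is when the re-hash happens.
    """
    if not verify(password, entry):
        return None
    _, scheme, _, _ = entry.split("$")
    return entry if scheme == new_scheme else make_entry(password, new_scheme)


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    alice = make_entry("hunter2", "demo-a")
    bob = make_entry("hunter2", "demo-a")
    print("identical passwords, identical entries?", alice == bob)
    print("alice verifies:", verify("hunter2", alice))
    migrated = login_and_migrate("hunter2", alice, "demo-b")
    print("migrated entry scheme:", migrated.split("$")[1])
```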