LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-18-2001, 05:52 AM   #1
soulsinner
LQ Newbie
 
Registered: Jul 2001
Posts: 1

Rep: Reputation: 0
Unhappy How to look at user password or change them



im using my root access. and i want to take a look at the user password. how i want to do this. im using RH7.1
 
Old 07-18-2001, 08:40 AM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269Reputation: 269Reputation: 269
I am not sure on how to view passwords... don't think they make that possible, but you can change them with the passwd command.
 
Old 07-18-2001, 08:41 AM   #3
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 47
You can only see the encrypted password by looking at /etc/shadow - the way the password system works is it encrypts the password you give it then compares it to the encrypted version, there is no way to got back to the plain text version.

cheers

Jamie...
 
Old 07-19-2001, 04:57 AM   #4
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Just to build on those answers, this is why.

Linux uses the DES encryption algorithm.
This algorithm uses a private key method of encryption.
It's a one way encryption that applies a 56-bit key to each 64-bit block of data, with a 12-bit salt.

Basically the password is stored in it's encrypted form in /etc/shadow, then when you type your password in, the system encrypted the plain password you entered and checks to see if it matches the sorted encrypted string in /etc/shadow, if not your rejected.

So if your serious about matching a password to someone's encrypted string "notice I didn't say decrypt"
Then you need lots of cpu power for brute force password cracking.

DES is "fairly" secure as the strongest password can only be matched after 72,057,594,037,927,936 different combinations.

Just to put this in perspective.
Someone challenged me to get the root password of a 2.5 Solaris Box in my old work.
At my disposable I had 5 Sun Ultra 2's with 2 x 400Mhz Risc processors.
Each system could do about 180,000 different combinations per second x 10 systems all working together through "John the ripper software" = 1.8 million password hits per second.
If the password was strong then It would have taken these systems about 1,269 years to get the password."as in strong I mean "Lower/upper,numbers and crtlchars".
Luckily for me the password was something like "sandra" so I got a match from my first brute force attempt of lowercase alphabetic 6 characters, which only takes about 1.7 minutes to do all of them.

Now 3-DES I don't even want to think about.

/Raz
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Help! Cannot Add a User to User Manager or Change Root Password lennysokol Linux - General 2 06-25-2005 09:59 AM
what is the command to make a user change their password after creating a new user? naweenio Linux - Newbie 7 01-05-2005 07:07 AM
Change user password ust Linux - Software 2 12-31-2003 05:25 AM
About change user password ust Linux - General 1 12-23-2003 01:59 AM
How to change all user password to the same? explorer1979 Linux - General 3 04-09-2003 01:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration