[I am not talking abt Cracking..] This is however to say that I ensure my security and warn others abt their security as well.. as earlier said ..the password file has two fields... Username:Password the password is in DES (hashed)Encryption format.. so I think there is a way to Rip it with John... > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Nathaniel Hall > Sent: Monday, January 24, 2005 12:04 AM > To: General Red Hat Linux discussion list > Subject: Re: decrypting htpasswd > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mulley, Nikhil wrote: > | Hi All, > | [Meant for Linux Hackers...Well I know all here belong to the same > community ;)] > | However , I have managed to get the htpasswd file of some > other site.. > | this htpasswd file has the fileds like.. > | Username:Password > | (which I guess has some DES encryption and as the salt does not seem > to be start with $1$ which resembles hashing with MD5) > | So , Question is how can I ask my John(the Ripper) to start cracking > this file to give me the password... > | > | Any one any thoughts/ideas ? > | > | ~Nikhil. > | °v° > | /(_)\ > | ^ ^ > | > While I do not see this being a good approach to the > question, I do see > reasonable (legal) uses for your question. I, however, will not say > anything about how to use John the Ripper. It can be a good > tool to use > as log as there is a good legal reason. > > As far as the password hashing with MD5, to the best of my knowledge > there is no way to figure out what the password is without generating > every possible combination and comparing the MD5 hash of both. The > whole reason for using MD5 hashes is to keep from saving the > password in > ~ a decryptable form. To verify authenticity you compare the > MD5 sum of > a password given with the MD5 sum that was created when the > password was > created. Then you never sacrifice the password. > > - -- > > Nathaniel Hall, GSEC > Intrusion Detection and Firewall Technician > Ozarks Technical Community College -- Office of Computer Networking > > halln@xxxxxxx > 417-447-7535 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (MingW32) > > iD8DBQFB8+4uc+QrUawYcxIRAolXAJwKs4DwKuGm0z9mbgYJRQlfE69v4QCfRMih > uTRl7zJo9P3ASq4e6iLcsus= > =zI9j > -----END PGP SIGNATURE----- > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
