Re: decrypting htpasswd

From: Nathaniel Hall (halln_at_otc.edu)
Date: 01/23/05

    Date: Sun, 23 Jan 2005 12:34:22 -0600
    To: General Red Hat Linux discussion list <redhat-list@redhat.com>
    
    


    Mulley, Nikhil wrote:
    | Hi All,
    | [Meant for Linux Hackers...Well I know all here belong to the same
    | community ;)]
    | However, I have managed to get the htpasswd file of some other site..
    | this htpasswd file has the fields like..
    | Username:Password
    | (which I guess has some DES encryption and as the salt does not seem
    | to start with $1$ which resembles hashing with MD5)
    | So, question is how can I ask my John(the Ripper) to start cracking
    | this file to give me the password...
    |
    | Anyone any thoughts/ideas?
    |
    | ~Nikhil.
    | °v°
    | /(_)\
    | ^ ^
    |
    While I do not see this being a good approach to the question, I do see
    reasonable (legal) uses for your question. I, however, will not say
    anything about how to use John the Ripper. It can be a good tool to use
    as long as there is a good legal reason.

    As far as the password hashing with MD5, to the best of my knowledge
    there is no way to figure out what the password is without generating
    every possible combination and comparing the MD5 hash of both. The
    whole reason for using MD5 hashes is to keep from saving the password in
    a decryptable form. To verify authenticity you compare the MD5 sum of
    a password given with the MD5 sum that was created when the password was
    created. Then you never sacrifice the password.

    --

    Nathaniel Hall, GSEC
    Intrusion Detection and Firewall Technician
    Ozarks Technical Community College -- Office of Computer Networking

    halln@otc.edu
    417-447-7535
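
The two technical points in the thread above (the scheme of an htpasswd entry is visible from its prefix or shape, and a stored hash is checked by hashing the supplied password and comparing) as an added Python example that is not part of the original messages. It audits an htpasswd file you administer; the sample entries, the `accepted` policy and all function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import re

# Traditional crypt(3) DES: 2 salt characters followed by 11 hash characters.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# Prefix -> scheme name, for formats commonly found in Apache htpasswd files.
PREFIXES = [("$2y$", "bcrypt"), ("$apr1$", "apr1-md5"),
            ("$1$", "md5-crypt"), ("{SHA}", "sha1-unsalted")]


def classify(hash_field):
    """Name the scheme of one stored hash by its prefix or shape."""
    for prefix, scheme in PREFIXES:
        if hash_field.startswith(prefix):
            return scheme
    if DES_CRYPT.fullmatch(hash_field):
        return "des-crypt"
    return "unknown"


def audit(text, accepted=("bcrypt",)):
    """Return (user, scheme, needs_rehash) for every entry in the file text.

    The `accepted` policy is an assumption of this example, not from the thread.
    """
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        scheme = classify(hash_field)
        rows.append((user, scheme, scheme not in accepted))
    return rows


def verify_sha(candidate, hash_field):
    """Hash the candidate and compare; the stored value is never decrypted."""
    stored = base64.b64decode(hash_field[len("{SHA}"):])
    digest = hashlib.sha1(candidate.encode()).digest()
    return hmac.compare_digest(digest, stored)


# Constructed sample file: the filler hashes are placeholders, not real output.
CAROL = "{SHA}" + base64.b64encode(hashlib.sha1(b"example-pass").digest()).decode()
SAMPLE = "\n".join(["alice:$2y$05$" + "x" * 53, "bob:$apr1$saltsalt$" + "x" * 22,
                    "carol:" + CAROL, "dave:ab" + "X" * 11])
```

Entries flagged `needs_rehash` are candidates for re-issuing under a stronger scheme the next time the user sets a password.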
