1996-07-24 - Re: Decrypt Unix Password File

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: Jerome Tan <jti@i-manila.com.ph>
Message Hash: 801abad763fd7dd32aa19f64728fdc389c5834e37bf8e1827b5fd203796fe1ca
Message ID: <199607240324.UAA08871@toad.com>
Reply To: N/A
UTC Datetime: 1996-07-24 08:12:03 UTC
Raw Date: Wed, 24 Jul 1996 16:12:03 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Jul 1996 16:12:03 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Decrypt Unix Password File
Message-ID: <199607240324.UAA08871@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:46 PM 7/23/96 +0800, Jerome wrote:
>How can I decrypt Unix password file?

Get the source for a a Unix-compatible password encryptor,
reverse it to make it a decryption program,
take the line for a user from the password file, 
decode it from printable-ASCII format to the binary value, 
and enter the user's password.  If you've written your programs
correctly, you'll get the original secret value*.
If this secret value is less than exciting to you (:-),
try lots of things that might be the user's password,
and one of them will work.

Exercises for the reader:
0) What's a "shadow password file"?  Does it affect the methods
described above?

1) Since you know the secret value, you could try using
your existing Unix password software and seeing if you get
the correct encrypted value when you put in the correct password.
1A) Does this suggest some more useable algorithms?
1B) What does the Unix manual page for crypt(3) say about it?
1C) Can you implement a program that does this successfully?
1D) How many tries do you think it will take?
1E) Does anybody on your system use wimpy passwords?

2) Are there any books or papers describing how the Unix Password System
works that would help you understand?
2A) Where would you look for them?
2B) Are they on the Web?  How would you find out?
2C) Which of the following famous authors of Unix wrote
important papers about the topic: Dennis Ritchie?  Ken Thompson?
Brian Kernighan? Rob Pike?  Fred Grampp?  Bob Morris Sr.?  Jr.?
The Brahms Gang?  Bill Joy?  Matt Crawford?  How would you find out?
Did they write anything else interesting?

3) Has anyone else implemented any Unix password cracking programs?
What countries with very cold weather would have them on popular
ftp sites?  Are they more effective than your implementation in 1C)?  Why?

4) If you're trying to crack passwords on a System V Unix system,
why should you always try to crack root's password?

[* hex 0000000000000000, I think. ]

In a later message, Jerome Tan also wrote:
> What is the code of password file of Unix? I have them but don't 
> know how read them. Any file converter or viewer for that?
A) The code is "RTFM"
B) The code is "Ask the user"






#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!






Thread