[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Password List

Subject: Re: [cobalt-developers] Password List
From: Jacob <jacob@xxxxxxxxxx>
Date: Thu Jan 17 02:37:04 2002
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

There is a tool called "john the ripper" that can be used to recover
passwords.

http://www.openwall.com/john/

The encryption used on the passwords on a cobalt box is one way, this
can be seen in the file /etc/shadow.  The way John works is to take a
word, encrypt it, and compare the results to the encrypted password.  If
they match, you have the password.

John comes with a dictionary and does a fair amount of morphing, ie
adding 1 to the end of a word.  It will then attempt standard brute
force techniques  It will work at a speed of about 50,000 tries per
second on a 800Mhz desktop.

If the users have special characters in their password, and may take
many decades to break the password, but easy ones will pop out pretty
quickly.  Given that you want this for users that may forget their
passwords, chances are their passwords won't be to complex.

You should copy both the /etc/passwd and /etc/shadow files onto fast
secure system ( ideally utilising 'air gap' technology) and use John to
join both the files and then crack them.

Not sure if this is what you after, I hope it helps.

Jacob.

On Thu, 2002-01-17 at 09:12, Ilmars Knipshis wrote:
> Hello Bigwig,
> 
> The best way is to keep passwords separately on a local computer.
> 
> I use simple in Delfi written programm to keep passwords sorted by
> usernames or site names and to be able to search in.
> 
> If there is an interest I can share with it.
> 
> Ilmars.
> Wednesday, January 16, 2002, 11:29:51 AM, you wrote:
> 
> BS> Is there any way that i can get a list of usernames and passwords for all 
> BS> the users on my site.  We are running a small ISP and have just moved to 
> BS> some new RAQ4's, quite often people tend to forget their passwords and we 
> BS> are never able to tell them their old one we can only change it to 
> BS> something new.  This can get a quite annoying when you have to do it 
> BS> several times a day and would be much easier solved if we had access to all 
> BS> their current access details from one interface, like on our old servers.
> 
> BS> Any thoughts much appreciated
> 
> BS> Mark Unsworth
> BS> Technical Support
> BS> Presbury Group
> 
> 
> BS> ---
> BS> Outgoing mail is certified Virus Free.
> BS> Checked by AVG anti-virus system (http://www.grisoft.com).
> BS> Version: 6.0.314 / Virus Database: 175 - Release Date: 11/01/02
> 
> 
> BS> _______________________________________________
> BS> cobalt-developers mailing list
> BS> cobalt-developers@xxxxxxxxxxxxxxx
> BS> http://list.cobalt.com/mailman/listinfo/cobalt-developers
> 
> 
> 
> -- 
> Regards,
>  Ilmars                            mailto:ilmars@xxxxxxxxxxxx
> 
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>

References:
- [cobalt-developers] Password List
  - From: Bigwig Support
- Re: [cobalt-developers] Password List
  - From: Ilmars Knipshis

Prev by Date: Re: [cobalt-developers] Password List
Next by Date: [cobalt-developers] parseReport.pl and huge web.cache
Previous by thread: Re: [cobalt-developers] Password List
Next by thread: [cobalt-developers] cube 2 hangs during backup /help

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index