PerlFAQ Server
This is an excerpt from the latest version of perlfaq8.pod, which
comes with the standard Perl distribution. These postings aim to
reduce the number of repeated questions as well as allow the community
to review and update the answers. The latest version of the complete
perlfaq is at http://faq.perl.org .
--------------------------------------------------------------------
8.11: How do I decode encrypted password files?
You spend lots and lots of money on dedicated hardware, but this is
bound to get you talked about.
Seriously, you can't if they are Unix password files--the Unix password
system employs one-way encryption. It's more like hashing than
encryption. The best you can do is check whether something else hashes
to the same string. You can't turn a hash back into the original string.
Programs like Crack can forcibly (and intelligently) try to guess
passwords, but don't (can't) guarantee quick success.
If you're worried about users selecting bad passwords, you should
proactively check when they try to change their password (by modifying
passwd(1), for example).
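
The two points above, as an added example that is not part of perlfaq:
checking a candidate against a stored hash by re-hashing it, and screening a
new password at change time. The sub names, the rules and the word list are
hypothetical, and the sample hash is built in the script on the assumption
that the platform's crypt(3) still accepts a traditional two-character salt.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Verify a candidate against a stored hash: re-hash it, passing the stored
# string as the salt argument, and compare. Nothing is ever decoded.
sub password_matches {
    my ($candidate, $stored) = @_;
    my $rehashed = crypt($candidate, $stored);
    return defined $rehashed && $rehashed eq $stored;
}

# Proactive check at change time. Returns the reasons to reject the new
# password (empty list means acceptable). Rules are illustrative assumptions.
sub weak_password_reasons {
    my ($user, $new, $words) = @_;
    my @why;
    push @why, "shorter than 12 characters" if length($new) < 12;
    push @why, "contains the user name"
        if index(lc($new), lc($user)) >= 0;
    # Strip leading/trailing digits and punctuation, so that
    # "Password123!" is still recognised as "password".
    (my $core = lc $new) =~ s/^[^a-z]+|[^a-z]+$//g;
    push @why, "is a common word with decoration" if $words->{$core};
    return @why;
}

# Constructed sample data (not from the FAQ).
my %common = map { $_ => 1 } qw(password letmein welcome qwerty dragon);
my $stored = crypt("tr4vel-by-canal-boat", "ab");
die "crypt(3) on this platform rejects this salt format\n"
    unless defined $stored;

for my $try ("Password123!", "tr4vel-by-canal-boat") {
    printf "%-22s matches stored hash: %s\n", $try,
        password_matches($try, $stored) ? "yes" : "no";
    my @why = weak_password_reasons("alice", $try, \%common);
    print "  reject: $_\n" for @why;
    print "  acceptable\n" unless @why;
}
```
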
--------------------------------------------------------------------
The perlfaq-workers, a group of volunteers, maintain the perlfaq. They
are not necessarily experts in every domain where Perl might show up,
so please include as much information as possible and relevant in any
corrections. The perlfaq-workers also don't have access to every
operating system or platform, so please include relevant details for
corrections to examples that do not work on particular platforms.
Working code is greatly appreciated.
If you'd like to help maintain the perlfaq, see the details in
perlfaq.pod.