passwords

[Mayers, P J]

I take objection to this - I realise I'm being picky, but that's not
decryption - that's a known ciphertext attack (guessed plaintext) and it's
entirely different.

We regularly run crack against our password files here and change (forcibly
if necessary) any weak passwords, but it's not a solution I'd pick for
converting /etc/passwd to smbpasswd - there are other, better methods, like
the null password and password migration options.

Cheers,
Phil 

-----Original Message-----
From: William Deakin
To: p.mayers at ic.ac.uk
Sent: 23/03/00 10:00
Subject: Re: passwords

Mayers, P J wrote:

> No, it's impossible. The passwords in /etc/passwd are not reversibly
> encrypted.

I'm not sure that this is completely true. It is *possible* to unencrypt
the passwords in the passwd and/or shadow file (this is what some
crackers
spend alot of time trying to do) and is the reason why there is a
separate
passwd and shadow file. However, it is not straightforward and depends
of
the OS and implementation/version.

Cheers,

Will



**********************************************************************
This email and its attachments are intended for the above 
named only and may be confidential.  If they have come to 
you in error, you must take no action based on them, nor 
must you copy or show them to anyone; please reply to this 
email and highlight the error.
Security Warning: Please note that this email has been 
created in the knowledge that the internet email is not a 
100% secure communications medium.  We advise that you 
understand and observe this lack of security when emailing us.
Viruses:  Although we have taken steps to ensure that this 
email and attachments are free from any virus, we advise 
that in keeping with good computing practice the recipient 
should ensure they are actually virus free.
If you have received this email in error please notify:
postmaster at pindar.com
**********************************************************************