decrypting htpasswd

Nathaniel Hall halln at otc.edu
Sun Jan 23 18:34:22 UTC 2005


Mulley, Nikhil wrote:
| Hi All,
| [Meant for Linux Hackers...Well I know all here belong to the same community ;)]
| However, I have managed to get the htpasswd file of some other site..
| this htpasswd file has the fields like..
| Username:Password
| (which I guess has some DES encryption and as the salt does not seem to start with $1$ which resembles hashing with MD5)
| So, Question is how can I ask my John(the Ripper) to start cracking this file to give me the password...
|
| Any one any thoughts/ideas ?
|
| ~Nikhil.
|  °v°
| /(_)\
|   ^ ^
|
While I do not see this being a good approach to the question, I do see
reasonable (legal) uses for your question.  I, however, will not say
anything about how to use John the Ripper.  It can be a good tool to use
as long as there is a good legal reason.

As far as the password hashing with MD5, to the best of my knowledge
there is no way to figure out what the password is without generating
every possible combination and comparing the MD5 hash of both.  The
whole reason for using MD5 hashes is to keep from saving the password in
a decryptable form.  To verify authenticity you compare the MD5 sum of
a password given with the MD5 sum that was created when the password was
created.  Then you never sacrifice the password.

--

Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln at otc.edu
417-447-7535

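The thread identifies an htpasswd scheme by its prefix and describes verification as hash-and-compare. As an added example (not part of the original messages), this Python sketch audits an htpasswd file you administer, labels each entry's scheme, flags legacy ones for re-hashing, and shows hash-and-compare for the unsalted {SHA} form. The sample entries and the policy of flagging everything except bcrypt are assumptions of this example.

```python
import base64
import hashlib
import hmac
import re

# (pattern, scheme, flagged). Flagging all but bcrypt is this example's policy assumption.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d\d\$"), "bcrypt", False),
    (re.compile(r"^\$apr1\$"), "apr1-md5", True),
    (re.compile(r"^\$1\$"), "md5-crypt", True),
    (re.compile(r"^\{SHA\}"), "sha1-unsalted", True),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", True),  # no prefix at all
]

def classify(hash_field):
    """Return (scheme, flagged) for the part after 'Username:'."""
    for pattern, scheme, flagged in SCHEMES:
        if pattern.match(hash_field):
            return scheme, flagged
    return "unknown", True

def audit(text):
    """Return [(user, scheme)] for entries that should be re-hashed."""
    findings = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        scheme, flagged = classify(hash_field)
        if flagged:
            findings.append((user, scheme))
    return findings

def sha_entry(password):
    """Build the {SHA} form: base64 of the raw SHA-1 digest, no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def verify_sha(stored, candidate):
    """Hash the candidate and compare; the stored value is never reversed."""
    return hmac.compare_digest(sha_entry(candidate).encode(), stored.encode())

# Constructed entries: placeholder strings with the right shape, not real hashes.
SAMPLE = "\n".join(["alice:$2y$05$" + "A" * 53, "bob:abCDEFGHIJKLM",
                    "carol:$apr1$saltsalt$" + "B" * 22,
                    "dave:" + sha_entry("example-passphrase")])

print(audit(SAMPLE))
```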




More information about the redhat-list mailing list