decrypting htpasswd

Mulley, Nikhil mnikhil at corp.untd.com
Mon Jan 24 07:58:29 UTC 2005


[I am not talking about Cracking..] This is however to say that I ensure my security and warn others about their security as well..
As said earlier, the password file has two fields...
Username:Password
The password is in DES (hashed) encryption format..
So I think there is a way to rip it with John...


> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]On Behalf Of Nathaniel Hall
> Sent: Monday, January 24, 2005 12:04 AM
> To: General Red Hat Linux discussion list
> Subject: Re: decrypting htpasswd
> 
> 
> Mulley, Nikhil wrote:
> | Hi All,
> | [Meant for Linux Hackers...Well I know all here belong to the same community ;)]
> | However, I have managed to get the htpasswd file of some other site..
> | this htpasswd file has the fields like..
> | Username:Password
> | (which I guess has some DES encryption and as the salt does not seem to start with $1$ which resembles hashing with MD5)
> | So, Question is how can I ask my John(the Ripper) to start cracking this file to give me the password...
> |
> | Any one any thoughts/ideas ?
> |
> | ~Nikhil.
> |  °v°
> | /(_)\
> |   ^ ^
> |
> While I do not see this being a good approach to the question, I do see
> reasonable (legal) uses for your question.  I, however, will not say
> anything about how to use John the Ripper.  It can be a good tool to use
> as long as there is a good legal reason.
> 
> As far as the password hashing with MD5, to the best of my knowledge
> there is no way to figure out what the password is without generating
> every possible combination and comparing the MD5 hash of both.  The
> whole reason for using MD5 hashes is to keep from saving the password in
> a decryptable form.  To verify authenticity you compare the MD5 sum of
> a password given with the MD5 sum that was created when the password was
> created.  Then you never sacrifice the password.
> 
> --
> 
> Nathaniel Hall, GSEC
> Intrusion Detection and Firewall Technician
> Ozarks Technical Community College -- Office of Computer Networking
> 
> halln at otc.edu
> 417-447-7535
> 
> 
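
For administrators checking their own files, the prefix distinction discussed in the thread (a bare 13-character DES crypt field versus a `$1$`-style tagged hash) can be turned into an audit. This is an added example, not part of the original posts; the function names are hypothetical, the hash fields are constructed placeholders, and which schemes count as acceptable is this example's own policy assumption.

```python
import re

# (pattern, scheme name, acceptable?). The acceptable flag is this example's
# policy assumption, not an Apache setting.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d{2}\$"), "bcrypt", True),
    (re.compile(r"^\$6\$"), "sha512-crypt", True),
    (re.compile(r"^\$5\$"), "sha256-crypt", True),
    (re.compile(r"^\$apr1\$"), "apr1-md5", False),       # Apache MD5 variant
    (re.compile(r"^\$1\$"), "md5-crypt", False),         # the $1$ prefix from the thread
    (re.compile(r"^\{SHA\}"), "sha1-unsalted", False),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", False),  # no prefix, 13 chars
]

# Constructed sample file; the hash fields are placeholders, not real hashes.
SAMPLE = "\n".join([
    "# staff area",
    "alice:" + "X" * 13,
    "bob:$apr1$XXXXXXXX$" + "X" * 22,
    "carol:$2y$10$" + "X" * 53,
    "dave:{SHA}" + "X" * 27 + "=",
    "erin:hunter2",
])

def classify(hash_field):
    """Return (scheme, acceptable) for the password field of one entry."""
    for pattern, name, acceptable in SCHEMES:
        if pattern.search(hash_field):
            return name, acceptable
    # Anything unrecognised may be stored in the clear on some platforms.
    return "unknown-or-plaintext", False

def audit(text):
    """List (line number, user, scheme) for every entry that needs re-hashing."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks, comments and malformed lines
        user, hash_field = line.split(":", 1)
        scheme, acceptable = classify(hash_field)
        if not acceptable:
            findings.append((lineno, user, scheme))
    return findings

if __name__ == "__main__":
    for lineno, user, scheme in audit(SAMPLE):
        print(f"line {lineno}: {user} uses {scheme}; reset with a stronger scheme")
```

Traditional DES crypt uses a 12-bit salt and only the first 8 characters of the password, which is why entries flagged `des-crypt` are the first ones to reset.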



