
Re: decrypting htpasswd



Steve Phillips wrote:

On Mon, 24 Jan 2005, Benjamin J. Weiss wrote:

Mulley, Nikhil wrote:

[I am not talking about cracking..] This is, however, to say that I ensure my security and warn others about their security as well..
As said earlier, the password file has two fields...
Username:Password
The password is in DES (hashed) encryption format..
So I think there is a way to rip it with John...

1) If you intentionally acquired this file without the permission of the server's owner, you have violated federal law.
2) If you accidentally acquired this file and then attempt to crack the password, you have violated federal law.


Except that the world is not the USA and there are still many countries where this is entirely legal, or does not fall under "federal" law. While his originating IP appears to be in California, he may actually be on the other side of the world.

True, he could easily have bounced off of another host. I broke the cardinal rule...I made an unproven assumption that his IP showed that he was in fact in the US. Mea Culpa. :)

Morally your arguments hold up but claiming this on an international mailing list is a little silly.

Yep, true. I need to go upstairs and ask our legal dept. about international treaties on cracking. Of course, I'd have to know what country he's in, if not the USA.

If you truly came upon this file accidentally and you want to warn the owners about their security, simply give them a copy of the file you captured and then delete it.

I work for a state law-enforcement agency. If you wish assistance in contacting the server owners, please contact me off-list.


There are actually rather legitimate reasons for wanting to crack a password file. This may be the only record of a password used by a previous employee who has locked other records with the same password but the hash is in a more secure form *shrug* who knows.

I agree that there are legitimate reasons. However, in his original post, he said:

[Meant for Linux Hackers...Well I know all here belong to the same community ;)]
However, I have managed to get the htpasswd file of some other site..

Which certainly suggested that he was attempting to attain assistance in an illicit and possibly illegal activity.

<snip>



