Find the answer to your Linux question:
Results 1 to 4 of 4
Hi folks, What will be the easy way to decrypt encrypted passwords on MySQL table. Googling brought me many suggestions on crypt/decrypt running scripts. Please advise. TIA B.R. satimis...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,804

    An easy way to decrypt encrypted password


    Hi folks,

    What will be the easy way to decrypt encrypted passwords on MySQL table. Googling brought me many suggestions on crypt/decrypt running scripts. Please advise. TIA

    B.R.
    satimis

  2. #2
    Linux User dxqcanada's Avatar
    Join Date
    Sep 2006
    Location
    Canada
    Posts
    259
    I think it depends on what algorithm was used to encrypt the password.



    Men occasionally stumble over the truth,
    but most of them pick themselves up
    and hurry off as if nothing had happened.

    Winston Churchill


    ... then the Unix-Gods created "man" ...

  3. #3
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,804
    Quote Originally Posted by dxqcanada View Post
    I think it depends on what algorithm was used to encrypt the password.
    Hi dxqcanada,

    I have no idea. I think the encrypt function of MySQL uses the Unix crypt command to encrypt.

    B.R.
    satimis

  4. #4
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,558
    The standard crypt function uses standard 56-bit DES encryption, using a salt value (2 characters) to randomize the resulting key. To verify a plain-text password, you take the first 2 chracters from the encrypted version as the salt value, and pass that and the plaintext password to the crypt() function. If the resulting encrypted value is the same as the stored value, then the password is valid. Unix, and I presume Linux, systems use a variety of input data, including the date/time to create the salt value used to create the original encrypted password stored in /etc/shadow. That is why a user can reset their password using the same string, and it will likely never create the same encrypted value.

    That said, the only reasonable ways to "crack" Unix/Linux passwords is via a dictionary attack using the salt value stored in /etc/shadow, or using social engineering to get the user to reveal the password.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •