An easy way to decrypt encrypted password

[satimis]

Hi folks,

What will be the easy way to decrypt encrypted passwords on MySQL table. Googling brought me many suggestions on crypt/decrypt running scripts. Please advise. TIA

B.R.
satimis

[dxqcanada]

I think it depends on what algorithm was used to encrypt the password.

[satimis]

I think it depends on what algorithm was used to encrypt the password.

Hi dxqcanada,

I have no idea. I think the encrypt function of MySQL uses the Unix crypt command to encrypt.

B.R.
satimis

[Rubberman]

The standard crypt function uses standard 56-bit DES encryption, using a salt value (2 characters) to randomize the resulting key. To verify a plain-text password, you take the first 2 chracters from the encrypted version as the salt value, and pass that and the plaintext password to the crypt() function. If the resulting encrypted value is the same as the stored value, then the password is valid. Unix, and I presume Linux, systems use a variety of input data, including the date/time to create the salt value used to create the original encrypted password stored in /etc/shadow. That is why a user can reset their password using the same string, and it will likely never create the same encrypted value.

That said, the only reasonable ways to "crack" Unix/Linux passwords is via a dictionary attack using the salt value stored in /etc/shadow, or using social engineering to get the user to reveal the password.