×

Loading...
Ad by
  • 推荐 OXIO 加拿大高速网络,最低月费仅$40. 使用推荐码 RCR37MB 可获得一个月的免费服务
Ad by
  • 推荐 OXIO 加拿大高速网络,最低月费仅$40. 使用推荐码 RCR37MB 可获得一个月的免费服务

1,2answers, 3见上,但觉得最可靠的方法是by inode

本文发表在 rolia.net 枫下论坛Passwords aren't encrypted, but hashed. The distinction is that there
isn't any way to decrypt the data in the shadow file to obtain the
actual password. The password which is entered by the user is
concatenated with the salt and the result is then hashed. The hash is
compared against the one from the shadow (or passwd) file.

In the above, "$1$" indicates that the entry is hashed using MD5 (as
opposed to the traditional DES hash), "shGNybY9" is the salt, and
"L)J1gwitzN6LoeS0pMpNc/" is the base64-encoded hash (an MD5 hash is a128-bit value).

2. In the /etc/shadow file how is the password "!za1aId0hfZ2IA" encrypted and what significance does this password hold?

That is a DES hashed password, where "za" is the salt and
"1aId0hfZ2IA" is the base64-encoded DES hash (DES hashes are 64 bits, although only 56 bits are significant). The leading "!" indicates that
the account is locked (it also ensures that any attempt to validate a
password will fail, regardless of the actual password which is
entered).更多精彩文章及讨论,请光临枫下论坛 rolia.net
Report

Replies, comments and Discussions:

  • 工作学习 / IT技术讨论 / 求教几个UNIX技术问题。
    1。In the /etc/shadow file how is the password "$1$shGNybY9$L)J1gwitzN6LoeS0pMpNc/" encrypted?
    2. In the /etc/shadow file how is the password "!za1aId0hfZ2IA" encrypted and what significance does this password hold?
    3. How would you create and remove a file named "--help"?
    • 没有人知道吗?
      • 1,2 不知道, 3用script.
        • thanks anyway. Need Unix Expert help.
        • 3用\
          • u mean just "\--help"?!
            • \-\-
        • Could u give me the details?
          • 你要知道password 干嘛?
            • 是面试的题阿,没办法。
              • 1,2问题看不懂.
              • 3. touch ./--help; rm -f ./--help
                • echo > --help 也行
    • 1.encrypted 2.done by system 3.touch --help and rm --help? not sure
      • do u think Q3 should be "touch \--help" and "rm \--help"?
        • i'm not sure. \ was used in RE, not sure for the system.
    • 1.好像是md5 吧。不能还原的。 2和1 有什么区别阿?看不懂。 3。rm -- --help
    • 2: first two letters are the "salt"(the seed for encryption), rest letters are encrypted xxx (MI MA). 3: try quote the file name: touch "--help" or touch '--help',
      in most time single quote doesn't explain the letter in cmd line.

      I don't have access to unix, try urself.
      • "--help" 这个不灵。
        • try single quote
          • 什么quote都不灵。就是 rm -- --help 和 rm ./--help 可以。
    • 像3这种问题,面试时还真答不出来。 但是有环境做做实验看看帮助就出来了。rm \--help 不对,rm -- --help. rm ./--help 这个高。
      • if use escape character, the cmd line will be touch \-\-help
        • 这个不对。
        • 反斜杠是标准,放之四海而皆准.1, 2 两题是变态,谁他妈的吃保了撑的做这个.
          • 当然要带path.
      • or if there is only one file end with help. u can try touch *help
    • 1. it is crypted by cmd "crypt", not all the system set that cmd as default installtion. cmd crypt references share library crypt.so, which is standard installation.
      cmd passwd, which generate and change password to file /etc/passwd, also reference the .so file directly or indirectly
    • 谢谢大家,不过还是没有标准答案阿。
      • 关于口令加密的问题我是这样理解地
        加密的传统方法应该是des, 或其衍生和加强方法,但是采用用户密码明文作为秘钥,所以要解密是不可能地。
        用户登录时,将所输入的密码采用同样的方式加密一遍,然后再和passwd或shadow里的加密后的字串比较,如果一致,则密码有效。
        这种情况下对密码的破解都是采用暴力破解,你可以到网上去搜一下相应的黑客程序。
      • 1,2answers, 3见上,但觉得最可靠的方法是by inode
        本文发表在 rolia.net 枫下论坛Passwords aren't encrypted, but hashed. The distinction is that there
        isn't any way to decrypt the data in the shadow file to obtain the
        actual password. The password which is entered by the user is
        concatenated with the salt and the result is then hashed. The hash is
        compared against the one from the shadow (or passwd) file.

        In the above, "$1$" indicates that the entry is hashed using MD5 (as
        opposed to the traditional DES hash), "shGNybY9" is the salt, and
        "L)J1gwitzN6LoeS0pMpNc/" is the base64-encoded hash (an MD5 hash is a128-bit value).

        2. In the /etc/shadow file how is the password "!za1aId0hfZ2IA" encrypted and what significance does this password hold?

        That is a DES hashed password, where "za" is the salt and
        "1aId0hfZ2IA" is the base64-encoded DES hash (DES hashes are 64 bits, although only 56 bits are significant). The leading "!" indicates that
        the account is locked (it also ensures that any attempt to validate a
        password will fail, regardless of the actual password which is
        entered).更多精彩文章及讨论,请光临枫下论坛 rolia.net
        • thanks a lot.
    • 这样
      C有一个加密的函数, crypt(), 这种加密是不可逆的,你只能通过函数和你的密码得到加密的密码和储存的密码比较。

      remove file --help

      rm ./--help
    • thanks a million to all of you.
    • 谢谢大家,我想大家最开始可能和我一样都没看明白。我刚才又重新读了一遍题目,发现1、2题并不是要大家找出来password,而是问用什么样的加密方法。谢谢pipibug(golf)最后的回答。
      • 我的答案也是翻出来的,凭良心说,如果是一个interview问这种问题, 是偏了,知道用md5还是DES无意义,不同的平台也不见得就一样. 3还可以忍受. 也谢谢你贴出来,大家都有提高.