jimmywu013 at gmail.com
Tue Aug 21 19:23:45 UTC 2007
On 8/21/07, Smoot Carl-Mitchell <smoot at tic.com> wrote:
> On Tue, 2007-08-21 at 14:25 +1000, Michael James wrote:
> > /etc# cat shadow
> > root:*:13661:0:99999:7:::
> > daemon:*:13621:0:99999:7:::
> > bin:*:13621:0:99999:7:::
> > <snip lots more system entries>
> It is not a good idea to reveal your password hashes (I have removed
> them from this email). The MD5 hashing algorithm used to generate the
> hashes in GNU/Linux systems is fairly strong, but can be broken with a
> brute force type attack which is much simpler if you know the password
> hashes. I'd suggest changing your password, since everyone on the list
> now knows your password hashes. This is the principal
> reason /etc/shadow is protected from normal users.
> The '*" in the second field could be any character, since a single '*'
> is not a legitimate password hash. In practice the '*' is used
> conventionally to indicate a locked account.
> For a quick introduction to the various Unix/Linux password hashing
> schemes see: http://en.wikipedia.org/wiki/Crypt_(Unix)
> Smoot Carl-Mitchell
> System/Network Architect
> email: smoot at tic.com
> cell: +1 602 421 9005
> home: +1 480 922 7313
> Are those really Md5 hashes? I thought (correct me if i'm wrong) that an
md5 hash was exactly 32 bytes of hexadecimal.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-users