ubuntu at james.st
Wed Aug 22 00:24:29 UTC 2007
On Wed, 22 Aug 2007 01:07:09 am Smoot Carl-Mitchell wrote:
> It is not a good idea to reveal your password hashes
True, very true.
Those hashes have several characters changed.
Now if any reader can brute-force find which
and get the password, I WILL be impressed.
Linux is very different to Windows where the passwords are only obscured.
I booted a Windows PC I bought off a rescue tool called "ophcrack?"
and it happily decrypted all the passwords, including administrator.
So under Windows, having strong passwords makes little difference,
they can be recovered anyway. Under Linux the hashing really is
a one way process, so the only test is to "guess" and try.
If someone had my real hashes they could try millions of guesses,
from popular dictionaries and combinations and get any weak passwords.
I had to do this to a shadow file of 1000 passwords once,
and 400 dropped straight out. Horrifying.