1. Would users with the same password have identical encrypted passwords on the password file?
2. If a hacker stole the password file could he/she crack the passwords using a brute force or dictionary attack?
3. If a perpetrator eavesdropped the password, as it was being entered and subsequently logged in as that user, would he/she gain access?
Thanks for your time
Every OS has its own way of encrypting and storing password file. For example UNIX uses one-way function that means it cannot be decrypted. The login program accepts the text you enter at the "Password:" prompt and then runs it through a cryptographic algorithm.
The results of that algorithm are then compared against the encrypted form of your password stored in the passwd file. It's always best to use Password Shadowing technique.
Windows NT passwords are encrypted as 32-bit MD4 way hashes. This is similar to the way that Unix stores passwords, although the hashing algorithm is a different one.
Windows NT password can be cracked using wordlists. This is much the same as attacking Unix passwords with word lists. In addition, Microsoft LAN Manager passwords can be brute forced. This means that every password on the system can be retrieved.
Once the password is known the hacker gains same access as that user unless the application or system restricts multiple logon with the same ID.
Let me know if you need any further information.
This was first published in December 2003