I'd like to ask you about the standard encrypted password file and one-way encrypted password file.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
1. Would users with the same password have identical encrypted passwords on the password file?
2. If a hacker stole the password file could he/she crack the passwords using a brute force or dictionary attack?
3. If a perpetrator eavesdropped the password, as it was being entered and subsequently logged in as that user, would he/she gain access?
Thanks for your time
Every OS has its own way of encrypting and storing password file. For example UNIX uses one-way function that means it cannot be decrypted. The login program accepts the text you enter at the "Password:" prompt and then runs it through a cryptographic algorithm.
The results of that algorithm are then compared against the encrypted form of your password stored in the passwd file. It's always best to use Password Shadowing technique.
Windows NT passwords are encrypted as 32-bit MD4 way hashes. This is similar to the way that Unix stores passwords, although the hashing algorithm is a different one.
Windows NT password can be cracked using wordlists. This is much the same as attacking Unix passwords with word lists. In addition, Microsoft LAN Manager passwords can be brute forced. This means that every password on the system can be retrieved.
Once the password is known the hacker gains same access as that user unless the application or system restricts multiple logon with the same ID. Let me know if you need any further information.
Related Q&A from Puneet Mehta
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: http://...continue reading
Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ...continue reading
Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.