Ask the Expert


I'd like to ask you about the standard encrypted password file and one-way encrypted password file.

1. Would users with the same password have identical encrypted passwords on the password file?

2. If a hacker stole the password file, could he/she crack the passwords using a brute force or dictionary attack?

3. If a perpetrator eavesdropped on the password as it was being entered and subsequently logged in as that user, would he/she gain access?

Thanks for your time


Every OS has its own way of encrypting and storing the password file. For example, UNIX uses a one-way function, which means it cannot be decrypted. The login program accepts the text you enter at the "Password:" prompt and then runs it through a cryptographic algorithm.

The results of that algorithm are then compared against the encrypted form of your password stored in the passwd file. It's always best to use the Password Shadowing technique.

Windows NT passwords are encrypted as 32-bit MD4 way hashes. This is similar to the way that Unix stores passwords, although the hashing algorithm is a different one.

Windows NT passwords can be cracked using wordlists. This is much the same as attacking Unix passwords with word lists. In addition, Microsoft LAN Manager passwords can be brute forced. This means that every password on the system can be retrieved.

Once the password is known, the hacker gains the same access as that user unless the application or system restricts multiple logons with the same ID. Let me know if you need any further information.

This was first published in December 2003
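The compare-by-rehashing login check described in the answer, together with the first question (whether two users with the same password get identical stored values), as an added example that is not part of the original answer. SHA-256 and PBKDF2 are stand-ins chosen for this sketch, not the UNIX or Windows NT algorithms, and the function names and record format are hypothetical.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """One-way hash with no salt: equal passwords give equal stored values."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Build a stored record 'iterations$salt_hex$hash_hex' using PBKDF2."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Login check: re-run the one-way function and compare, never decrypt."""
    iterations, salt_hex, hash_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


def demo() -> dict:
    # Constructed sample accounts: two users who picked the same password.
    alice_plain, bob_plain = "correct horse", "correct horse"
    alice, bob = make_record(alice_plain), make_record(bob_plain)
    return {
        "unsalted_identical": unsalted_hash(alice_plain) == unsalted_hash(bob_plain),
        "salted_identical": alice == bob,
        "alice_login_ok": verify(alice_plain, alice),
        "wrong_password_ok": verify("wrong guess", alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Without a salt, identical passwords are visible as identical entries in the file; with a per-user random salt, the stored values differ even though both users can still log in.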
