Q

I have a few questions about the standard encrypted password file and one-way encrypted password fil

I'd like to ask you about the standard encrypted password file and one-way encrypted password file.

1. Would users with the same password have identical encrypted passwords on the password file?

2. If a hacker stole the password file, could he/she crack the passwords using a brute force or dictionary attack?

3. If a perpetrator eavesdropped on the password as it was being entered and subsequently logged in as that user, would he/she gain access?

Thanks for your time

Every OS has its own way of encrypting and storing the password file. For example, UNIX uses a one-way function, which means it cannot be decrypted. The login program accepts the text you enter at the "Password:" prompt and then runs it through a cryptographic algorithm.

The results of that algorithm are then compared against the encrypted form of your password stored in the passwd file. It's always best to use the password shadowing technique.

Windows NT passwords are encrypted as 32-bit MD4 way hashes. This is similar to the way that Unix stores passwords, although the hashing algorithm is a different one.

Windows NT passwords can be cracked using wordlists. This is much the same as attacking Unix passwords with word lists. In addition, Microsoft LAN Manager passwords can be brute forced. This means that every password on the system can be retrieved.

Once the password is known, the hacker gains the same access as that user unless the application or system restricts multiple logons with the same ID. Let me know if you need any further information.

This was first published in December 2003
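The login check described in the answer, together with question 1, as an added example that is not part of the original answer: it stores one-way hashes, verifies a login by re-hashing and comparing, and shows that two users with the same password get identical entries only when no per-user salt is used. SHA-256 and PBKDF2 are stand-ins chosen for this sketch, not the actual Unix crypt or Windows NT algorithms, and the account names and passwords are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def unsalted_hash(password: str) -> str:
    """Stand-in for an unsalted scheme: the same input always gives the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: bytes = b"") -> str:
    """Build a salted record 'salt$digest'; a random salt is drawn if none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify(password: str, record: str) -> bool:
    """Login check: re-run the one-way function and compare; nothing is decrypted."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo() -> dict:
    # Constructed sample accounts: alice and bob share a password.
    users = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: make_record(p) for u, p in users.items()}
    return {
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "salted_identical": salted["alice"] == salted["bob"],
        "good_login": verify("correct horse", salted["alice"]),
        "bad_login": verify("wrong guess", salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```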
