On Mon, 2004-09-06 at 02:47, Jeff Vian wrote: > > > > > > That is impossible. You can't revert crypted passwords back to the > > > original string. > > > > > > See "man crypt". > > > > > > Alexander > > > > ok :( > > our ftp customers will not be happy ... > > thank for your answer > > > > alexandre > > It is possible to recover some of the passwords with a lot of processing > power if you use crack on the password files (on a system where you have > permission to do so). However, it is a brute force crack and not a > decrypt method. I probably missed part of this thread. But if you are trying to recover lost passwords for customers using ftp why not setup a process to assign a temporary password then let the customer set the password to what they want to use? You would need to setup a secure web page to do this. Of course ftp is bad in that normally the password is sent in clear text over the network. There are secure versions of ftp that would be preferable if available. Brute force attacks on the password file can work given enough time. And may work fairly quickly if the users chose poor passwords. But if a good password is chosen it can take substantial time. I think a password reset process would be much more effective. I also would think your customers would appreciate the fact that their passwords are relatively secure even from the admins. -- Scot L. Harris webid@xxxxxxxxxx > > > > Wait. Don't you mean: Yes. Just ignore me when I show extreme signs of Alzheimers. - Linus Torvalds on linux-kernel
