On Mon, Sep 06, 2004 at 08:01:55AM +0200, priou wrote:
> On Monday 06 September 2004 00:43, Alexander Dalloz wrote:
> > On Sun, 05.09.2004, priou wrote at 23:10:
> > > I need to read some passwd on my ftp server, but they are
> > > crypted with shadow and I would like to make this:
> > >
> > > password_shadow ----> password_read_human (printed on my screen)
> > >
> > > example:
> > > $1$59BDQjvM$WCC3rboNRyuRsDzV.bHHF1 => dodou
> >
> > That is impossible. You can't revert crypted passwords back to the
> > original string.
> >
> > See "man crypt".
>
> ok :(
> our ftp customers will not be happy ...

Sell your customers a positive strong security answer.

Let them know that their passwords are encrypted with a strong set of
tools that requires years of computer time to decrypt. These tools
never save passwords in unencrypted form. Thus they are well
protected from password hackers by your process and tools.

Let them know that you will be happy to reset their password (with
correct authentication).... You do have a process and tool to reset
the passwords?

What this means is that even if an intruder obtains temporary read
access to parts of the machine they do not have access to clear text
passwords.

See mkpasswd: to generate a unique secret word if you need it.

CAUTION: It is true that tools like crack will automate stupid user
tricks to generate long lists of common but weak passwords to test.
If your ftp users select bad passwords a 'cracker' might with some
effort find the key if a hacker exposed the encrypted passwd file.

In my limited experience 20-30% of a large passwd file (etc/shadow)
could be cracked in a day or two. 40% in a week or two on a fast
machine. Beyond that it was brute strength and luck...

Well chosen (and tested) root and system admin passwords keep
(etc/shadow) well hidden.

Recall what I said that passwords above "...are well protected from
password hackers by your process and tools."

Your good process and tools do not protect from uneducated users that
select bad magic words....

-- 
	T o m  M i t c h e l l
	Just say no to 74LS73 in 2004
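Why there is no "decrypt" step to offer the customers: a login check re-hashes the offered password with the salt stored in the `$1$salt$digest` field and compares the results. This is an added example, not part of the original thread; it is a from-scratch MD5-crypt in Python, the function names are hypothetical, and the sample salt and password are constructed.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(password: str, salt: str) -> str:
    """MD5-crypt (the "$1$" scheme): 1000 salted MD5 rounds, no inverse."""
    pw, s = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    ctx.update((alt * (len(pw) // 16 + 1))[:len(pw)])
    n = len(pw)
    while n:                              # mix in the bits of the length
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    d = ctx.digest()
    for i in range(1000):                 # stretching rounds
        h = hashlib.md5(pw if i & 1 else d)
        if i % 3:
            h.update(s)
        if i % 7:
            h.update(pw)
        h.update(d if i & 1 else pw)
        d = h.digest()
    words = [(d[a] << 16 | d[b] << 8 | d[c], 4)
             for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))]
    words.append((d[11], 2))
    out = ""
    for v, count in words:                # crypt's own base-64, low bits first
        for _ in range(count):
            out += ITOA64[v & 0x3F]
            v >>= 6
    return f"$1${salt[:8]}${out}"

def parse_shadow_field(field: str):
    """Split "$id$salt$digest" into (scheme id, salt, digest)."""
    _, scheme, salt, digest = field.split("$")
    return scheme, salt, digest

def check_password(candidate: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt; constant-time compare."""
    scheme, salt, _ = parse_shadow_field(stored)
    if scheme != "1":
        raise ValueError("only MD5-crypt ($1$) is handled in this example")
    return hmac.compare_digest(md5_crypt(candidate, salt), stored)

# Constructed sample account: salt and password are made up for this example.
STORED = md5_crypt("correct horse battery", "Ab3dEf9h")
print(STORED, check_password("correct horse battery", STORED))
```

The only operation the stored field supports is "does this candidate match?", which is why a reset process, not recovery, is the answer for a customer who forgot a password.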