I have a password file that looks like so.

matthew:38GB3fsjfwH7Y
etc.

Can anyone tell me how this hashed password is generated? I know its a one
way hash and I cannot reverse it. I just want to know how the output was
created.

Basically I have nearly a thousand usernames and passwords to add to a email
server and I want to cheat and write a script to automate it and dump
directly into file rather then use web GUI.

Matt

"Matt" <nospam_ng@fileholder.net> wrote in
news:10rpl6qeurcfv1c@corp.supernews.com:

> I have a password file that looks like so.
>
> matthew:38GB3fsjfwH7Y
> etc.
>
> Can anyone tell me how this hashed password is generated? I know its
> a one way hash and I cannot reverse it. I just want to know how the
> output was created.
>
> Basically I have nearly a thousand usernames and passwords to add to a
> email server and I want to cheat and write a script to automate it and
> dump directly into file rather then use web GUI.
>

What part of "one way hash" do you NOT understand?

Why do think you can "cheat"?

If you could "cheat", what does that say about the security of linux?

"Matt" <nospam_ng@fileholder.net> escribió en el mensaje
news:10rpl6qeurcfv1c@corp.supernews.com...
> I have a password file that looks like so.
>
> matthew:38GB3fsjfwH7Y
> etc.
>
> Can anyone tell me how this hashed password is generated? I know its a
one
> way hash and I cannot reverse it. I just want to know how the output was
> created.
>
> Basically I have nearly a thousand usernames and passwords to add to a
email
> server and I want to cheat and write a script to automate it and dump
> directly into file rather then use web GUI.
>
> Matt
>
I don't think you'll succeed with this plan... unless you find a way to make
your mail server use the system password database for authentication, or at
least use the same method.
One thing to keep in mind, is that mail passwords on many protocols are sent
unencrypted over the network, so anyone sniffing can see them, and If
they're the same passwords to access the system, the "bad guy" can not only
read users emails, but also access the system...
Good luck,

--
chabral

"Matt" <nospam_ng@fileholder.net> said:
>I have a password file that looks like so.
>
>matthew:38GB3fsjfwH7Y
>etc.
>
>Can anyone tell me how this hashed password is generated? I know its a one
>way hash and I cannot reverse it. I just want to know how the output was
>created.

The two first characters are 'salt' used for the hashing, the rest is the
hash result of 'crypt()'.

An example to hash the word 'password' with salt 'xx' in perl:
perl -e 'print crypt("password","xx"),"\n";'

The salt used should be random (esp. DO NOT pick initial two characters of
the password), and should consist of two characters from set
'.', '/', 0..9, 'A'..'Z', 'a'..'z' .
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

In article <10rpl6qeurcfv1c@corp.supernews.com>, Matt wrote:

>I have a password file that looks like so.
>
>matthew:38GB3fsjfwH7Y
>etc.

Interesting - most distributions have moved to the shadow password mode.

>Can anyone tell me how this hashed password is generated?

Depends on your distribution - some use crypt(3) which is DES, some use
other algorithms. See that crypt man page for details.

>Basically I have nearly a thousand usernames and passwords to add to a email
>server and I want to cheat and write a script to automate it and dump
>directly into file rather then use web GUI.

Again - it depends on the distribution.

[compton ~]$ whatis chpasswd
chpasswd (8) - update password file in batch
[compton ~]$

You may want to have a look in 'alt.os.linux' - as there is a thread titled
'script for creating bulk users' that might help you.

Old guy

>>I have a password file that looks like so.
>>
>>matthew:38GB3fsjfwH7Y
>>etc.
>>
>>Can anyone tell me how this hashed password is generated? I know its a
>>one
>>way hash and I cannot reverse it. I just want to know how the output was
>>created.
>
> The two first characters are 'salt' used for the hashing, the rest is the
> hash result of 'crypt()'.
>
> An example to hash the word 'password' with salt 'xx' in perl:
> perl -e 'print crypt("password","xx"),"\n";'

This is exactly the info I needed. I was able to export my database to a
report then with a script parse it and create a passwd file. Saved me a lot
of typing.

Thanks.

Matthew


> The salt used should be random (esp. DO NOT pick initial two characters of
> the password), and should consist of two characters from set
> '.', '/', 0..9, 'A'..'Z', 'a'..'z' .
> --
> Wolf a.k.a. Juha Laiho Espoo, Finland
> (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
> PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
> "...cancel my subscription to the resurrection!" (Jim Morrison)