From owner-freebsd-questions Mon Mar 25 03:08:08 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id DAA14305 for questions-outgoing; Mon, 25 Mar 1996 03:08:08 -0800 (PST) Received: from tulpi.interconnect.com.au (tulpi.interconnect.com.au [192.189.54.18]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id DAA14299 for ; Mon, 25 Mar 1996 03:08:04 -0800 (PST) Received: from ahill.mel.interconnect.com.au (ahill.mel.interconnect.com.au [202.21.8.125]) by tulpi.interconnect.com.au with SMTP id WAA27373 (8.7.4/IDA-1.6); Mon, 25 Mar 1996 22:07:18 +1100 (EST) Message-ID: <3156832C.167EB0E7@interconnect.com.au> Date: Mon, 25 Mar 1996 22:27:40 +1100 From: ahill Organization: connect.com.au X-Mailer: Mozilla 2.0 (X11; I; FreeBSD 2.1.0-RELEASE i386) MIME-Version: 1.0 To: Chad Shackley CC: questions@freebsd.org Subject: Re: Passwords References: <199603230504.VAA28720@mercury.gaianet.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > I have a pretty simple question. How do I find out what someone's password > is ? There are three ways, and two are easy. The first is ask them. The second is make a guess, encrypt it using the crypt function (the one in perl is handy), and compare the result with the encrypted copy kept in master.passwd. (Note - when encrypting your guess you will have to use the same 'salt' as was used when their password was originaly created. The 'salt' is usually the first few characters of the encypted password - perhaps someone else knows which ones.) Of course this may take a while if the person followed the basic rules when thinking up a password. The third (hard) way is to watch them enter it using a netowrk sniffer or something sneaky like that. Network sniffers tend to be complex things to impliment and use.