If you have access to /etc/passwd and /etc/shadow, is it possible to figure out what the password is? I know you can reset it, but is there a way to recover it?
Asked
Active
Viewed 72 times
-1
Paul Knopf
- 1,231
-
https://unix.stackexchange.com/questions/145490/how-to-make-user-passwords-shown-as-a-clear-text-in-linux/145500 – Jan 29 '18 at 19:17
-
That isn't the same question. – Paul Knopf Jan 30 '18 at 21:46
-
Reference only. If it was the same I would've flag it as dupe instead of just commenting. – Jan 31 '18 at 14:21
1 Answers
3
In theory, with sufficient time and computational power, yes. But the entire point is that it's a one-way hash whereby the original password is supposed to be for practical purposes impossible to reverse-engineer from the hash.
DopeGhoti
- 76,081
-
2You can't reverse-engineer the password, but you can brute force it. Having the encrypted password is the first step in a brute force attempt (since brute forcing any kind of login mechanism is ridiculously slow). Though, while I say can it still may not be a feasible thing to do depending on the password strength. – Centimane Jan 29 '18 at 19:23
-
1Hence the short answer being "yes" and the long answer being "yes, but not for practical purposes". – DopeGhoti Jan 29 '18 at 19:34
-
1I'd argue both answers are "maybe". If the password is weak, the answer is yes. If the password is strong enough, the answer is no. – Centimane Jan 29 '18 at 19:39