Re: password hash in shadow file

To: Adam Weremczuk <adamw@matrixscience.com>
Cc: debian-user@lists.debian.org
Subject: Re: password hash in shadow file
From: tomas@tuxteam.de
Date: Tue, 13 Mar 2018 17:19:10 +0100
Message-id: <[🔎] 20180313161910.GE11222@tuxteam.de>
In-reply-to: <[🔎] 7d5f6e8e-647e-e566-1b7c-5efce9e9f12b@matrixscience.com>
References: <[🔎] 3be5739b-3427-754d-0dbd-a0366c46823a@matrixscience.com> <[🔎] 20180313154742.GD11222@tuxteam.de> <[🔎] 7d5f6e8e-647e-e566-1b7c-5efce9e9f12b@matrixscience.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Mar 13, 2018 at 04:01:52PM +0000, Adam Weremczuk wrote:
> I think it was me invoking "passwd" as root and aborting (ctrl+D)
> without making any changes.
> Would that be enough to update the shadow file?

Hm. That depends on which point you invoked abort at, but naively
I'd say "no". Note that the system doesn't "know" your password,
only its hash -- so if it succeeded in storing the SHA-1 of your
password (you say it didn't change, did you?) without you telling
it, then it would have to crack your MD5 password hash.

Still strange. Are you sure that you stopped "passwd" early enough?
Had you entered the password already? Twice?

Cheers
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlqn+f4ACgkQBcgs9XrR2kYu2ACePqhJ8m5QgIqwleJBpHFPo0Ng
x6sAnRpH4q2J9UqbT7aypggmxFLaIhjH
=qwpf
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: password hash in shadow file
  - From: Adam Weremczuk <adamw@matrixscience.com>

References:
- password hash in shadow file
  - From: Adam Weremczuk <adamw@matrixscience.com>
- Re: password hash in shadow file
  - From: <tomas@tuxteam.de>
- Re: password hash in shadow file
  - From: Adam Weremczuk <adamw@matrixscience.com>

Prev by Date: Re: password hash in shadow file
Next by Date: Re: password hash in shadow file
Previous by thread: Re: password hash in shadow file
Next by thread: Re: password hash in shadow file
Index(es):
- Date
- Thread