From owner-freebsd-security Sat Jul 13 23:24:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 79EE637B400 for ; Sat, 13 Jul 2002 23:24:30 -0700 (PDT) Received: from spork.pantherdragon.org (spork.pantherdragon.org [206.29.168.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0F68543E77 for ; Sat, 13 Jul 2002 23:24:30 -0700 (PDT) (envelope-from dmp@pantherdragon.org) Received: from sparx.pantherdragon.org (evrtwa1-ar10-4-61-236-062.evrtwa1.dsl-verizon.net [4.61.236.62]) by spork.pantherdragon.org (Postfix) with ESMTP id 7F887471D7; Sat, 13 Jul 2002 23:24:29 -0700 (PDT) Received: from pantherdragon.org (speck.techno.pagans [172.21.42.2]) by sparx.pantherdragon.org (Postfix) with ESMTP id E6C76FFD6; Sat, 13 Jul 2002 23:24:26 -0700 (PDT) Message-ID: <3D31191A.3AD13F70@pantherdragon.org> Date: Sat, 13 Jul 2002 23:24:26 -0700 From: Darren Pilgrim X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Naga Suresh B Cc: freebsd-security@FreeBSD.ORG Subject: Re: plain text password References: <009901c22a37$7ffed450$9600a8c0@blraddrcom> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Naga Suresh B wrote: > > Hai, > > How can I change the password file into a plain text password, it > should not use any authentication either MD5 or Pam. I need this solution as > early as possible. There are programs in ports that you can use to do dictionary and exhaustive attacks against the hashes. This is the only way to get the plaintext passwords. After that, the method you use for storing the plaintext outside of the system password database is up to you. If you actually want the pwdb to use plaintext instead of hashes, you'll need to hack the source yourself as the password system was not designed to not use crypto. Start with getpass(3), read the source for /usr/bin/passwd, etc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message