Originally posted by: mdchesne
Originally posted by: Kilrsat
Originally posted by: mdchesne
It takes alot of skill to manually decrpyt a password from the bank seeing as no program CAN decrypt a unix-encrypted password.
Apparently you've never heard of John the Ripper. Again, if you don't know much about the subject don't go aroung proclaiming the security aspects of each system.
do you know HOW to decrpyt a mac, linux, unix password? because each password is encrypted using it's own unique process for each system, no one program can decrypt every password. That's why those OSes are so secure. the only way to do it is to access the password bank through root or faking a user account. Then you have to manually enter a whole buttload of random words and try to get the encrypted word to look similar to the encrypted password. Eventually with enough patience and a simple-enough password can you find the password itself. regardless of what you say, it DOES take skill
and yes, i've heard of john the ripper. it's a weak password cracking program. in fact, it even says that itself
"John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords"
if your password is "god" or "root" or "sex", then yes, it can find that simple of encrypted password. hell, i could just by guessing. those are some of the top 20 passwords used. but let that retard of a program try to deencrypt passwords such as m2niKk82/[[1' and see how far it goes before crapping out
Unrestricted physical access to a machine means all security bets are off. Consider all passwords compromised. It doesn't matter what system you're on. I know you're this "hacking expert," but your continued statements prove otherwise. A rainbow table based attack would find even your complex "m2niKk82/[[1'" example in a relatively short amount of time, but of course you knew that. Yes, even John the Ripper would be able to find that password on the majority of default *nix installs given a decent amount of time.