5

I am trying to get access to my eReader and I managed to get the passwd file.

root:$1$hdhxObPx$TYFuTKsB9GGIgo53rF4bi1:0:0:root:/:/bin/sh
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
nobody:*:99:99:Nobody:/:
s3c2440x::507:507:root:/:/bin/sh

I expected to see a standard hash string there or just "x", but this reminds me of something I have seen in MySQL databases. Can anyone point me in the right direction, please? What am I looking at?

Paŭlo Ebermann
nana
    This question on U&L might help, too: http://unix.stackexchange.com/questions/8229/what-methods-are-used-to-encrypt-passwords-in-etc-passwd-and-etc-shadow –  Jun 18 '12 at 18:30

1 Answer

6

Crypt-based password hashes have several parts separated by $:

  • The hash type, 1 in your case; this stands for MD5-crypt (this is not plain MD5)
  • The salt, hdhxObPx in your case
  • The actual hash TYFuTKsB9GGIgo53rF4bi1 in your case
  • Some schemes have additional parameters, such as a work-factor, but this does not apply to the scheme used in your example.

The MD5-Crypt scheme should be avoided in favor of modern schemes, such as bcrypt (usually starting with $2a$). Not because MD5 is cryptographically broken, but because it has a constant work-factor that's too small for the computational power modern attackers can field.

Check out crypt (C) on Wikipedia for further information.

CodesInChaos
  • "First the passphrase and salt are hashed together, yielding an MD5 message digest. Then a new digest is constructed, hashing together the passphrase, the salt, and the first digest, all in a rather complex form. Then this digest is passed through a thousand iterations of a function which rehashes it together with the passphrase and salt in a manner that varies between rounds. The output of the last of these rounds is the resulting passphrase hash." means I should probably look for a different vector of attack, right? – nana Jun 18 '12 at 18:50
  • The standard attack vector is guessing the password. Since GPUs are fast, you can use many password candidates. – CodesInChaos Jun 18 '12 at 19:05
  • I have John running already, with default settings and only a slightly larger dictionary. This is not something I normally do; that's why I don't really understand it. I just need to get in so I can install my own OS on it and make the device usable. I only have a laptop, without a decent GPU. – nana Jun 18 '12 at 19:52
  • +1. Recently people at Wikipedia shuffled things around. Is crypt (C) on Wikipedia what this answer ought to link to? – David Cary Aug 04 '13 at 00:54
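
The field layout described in the answer, as an added example that is not part of the original answer or comments: a small Python parser that splits a passwd/shadow password field into scheme, parameters, salt and hash, and reports entries an audit should fix. It goes beyond the MD5-crypt case to cover bcrypt and SHA-crypt strings; the function names and the `guest` sample line are constructed for illustration.

```python
# Scheme id -> (name, whether the string format carries a tunable work factor)
SCHEMES = {
    "1": ("MD5-crypt", False),
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "5": ("SHA-256-crypt", True), "6": ("SHA-512-crypt", True),
}

def parse_crypt_field(field):
    """Classify the second field of a passwd/shadow line."""
    if field == "":
        return {"kind": "empty"}       # no password set
    if field == "x":
        return {"kind": "shadowed"}    # hash is stored in /etc/shadow
    if not field.startswith("$"):
        # '*' or '!' cannot match any hash; other text is assumed here
        # to be traditional DES crypt, which has no '$' prefix.
        return {"kind": "locked" if field[0] in "*!" else "legacy"}
    scheme, *rest = field.split("$")[1:]
    name, tunable = SCHEMES.get(scheme, ("unknown", None))
    out = {"kind": "hash", "scheme": name, "tunable": tunable, "params": None}
    if name == "bcrypt" and len(rest) == 2 and len(rest[1]) == 53:
        # $2a$<cost>$<22-char salt><31-char hash>
        out.update(params="cost=" + rest[0], salt=rest[1][:22], hash=rest[1][22:])
    elif len(rest) == 3 and rest[0].startswith("rounds="):
        out.update(params=rest[0], salt=rest[1], hash=rest[2])
    elif len(rest) == 2 and name != "bcrypt":
        out.update(salt=rest[0], hash=rest[1])
    else:
        out["kind"] = "malformed"
    return out

def audit_passwd(text):
    """Return (user, finding) pairs for entries that need attention."""
    findings = []
    for line in text.splitlines():
        cols = line.split(":")
        if len(cols) < 7:
            continue                   # not a passwd-style line
        info = parse_crypt_field(cols[1])
        if info["kind"] in ("empty", "legacy", "malformed"):
            findings.append((cols[0], info["kind"] + " password field"))
        elif info["kind"] == "hash" and info["tunable"] is False:
            findings.append((cols[0], info["scheme"] + " has a fixed work factor"))
    return findings

# Root line is from the question; the other two lines are constructed.
SAMPLE = """root:$1$hdhxObPx$TYFuTKsB9GGIgo53rF4bi1:0:0:root:/:/bin/sh
bin:*:1:1:bin:/bin:
guest::1000:1000:Guest:/:/bin/sh"""
```

Calling `audit_passwd(SAMPLE)` returns one finding for the MD5-crypt root entry and one for the constructed account with an empty field; the locked `bin` entry is not reported.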