IPVMU Certified | 09/06/16 05:16pm
That was a good read. Thanks for sharing.
IPVMU Certified | 09/06/16 11:00pm
Pretty amazing read. Sounds like a social engineering attempt to me.
Unix systems don't store passwords to begin with.
They typically store salted one-way hashes.
Simply, let's imagine that only 4 digits were allowed as passwords, like a bank PIN. If your password was 1234 (not recommended), a valid hash might be 10, assuming the system's algorithm is "add the digits" (not recommended).
But, the hash would be the same for 4231 and 6004, etc.*
Salting your hash is a way of protecting everyone's password from hashing the same on different systems by adding a little something unexpected at the end. So a simple salt might double your hash and add 11 (recommended because everyone knows prime numbers are way more secure).
So now what's in the system is 10 * 2 + 11 = 31, not 1234.
Therefore, to know for sure, you would have to ask everyone what their password was and then hash and salt it and see if it matches what the system has.
*Yes, in the real world, even with 56 byte hashes, there is an infinitesimally small chance your password would work on someone else's account, but you're not trying, right?