[CentOS] How to decrypt rootpassword form kickstart file

Warren Young

wyml at etr-usa.com
Wed Apr 1 13:10:47 UTC 2015


On Mar 30, 2015, at 11:08 PM, Jegadeesh Kumar <jegasmile at gmail.com> wrote:
> # Root password
> rootpw --iscrypted $1$1SItJOAg$UM9n7lRFK1/OCs./rgQtQ/
> # System authorization information
> auth  --useshadow  --passalgo=sha512

Those two settings are inconsistent.  The $1 at the beginning of that crypt(3) string means it’s an MD5 password.

> Is there any way to decry pt the password and get it as plain text.

Do you have any idea how long the original password is, and what “alphabet” it uses?  (i.e. Lowercase only, or mixed case?  Does it also include numbers and symbols?)

If so, this page will give you some idea of what it will take to crack that password:

   https://www.grc.com/haystack.htm

You are probably looking at something like the middle scenario, “offline fast attack,” since you probably don’t have a massive server farm to attack this with, and that page was probably written with MD5 attacks in mind, given that it was created in 2011.


More information about the CentOS mailing list