Find another Sudoers Password

Is there any way that an administrator could find out the password to another administrator or even non administrator's account?



I've made an oops and forgotten the password I used to use for a few of my machines. I don't want to reset from grub/recovery mode at every box, it would be more helpful to find out that password and keep using it for security reasons.



Worst case scenario I will reset the passwords, but this is not the question, I know how to do that. Yes or no is the format I would genuinely prefer.










sudo password security administrator






edited Feb 9 at 21:56 by Byte Commander
asked Feb 9 at 21:47 by Tmanok

  • No. It would make no sense if one user (admin or not) could easily find passwords of other users.
    – mikewhatever
    Feb 9 at 21:57

  • Related: askubuntu.com/q/383057/367990
    – Byte Commander
    Feb 9 at 22:20

  • Not entirely certain why I got downvoted but anyway yes it would defeat the purpose and technically yes you can decrypt a hash btw so long as you know its derivation which seeing as Linux is entirely open source I don't see why not. Good news- passwords recalled! Getting too old for this stuff.
    – Tmanok
    Feb 13 at 19:58
















3 Answers

Accepted answer

On Ubuntu, user passwords are not stored in a feasibly recoverable format, but as hashes.



To be more specific, they are salted and hashed using SHA-512, and the result is stored in /etc/shadow. On a running system, also only root may read this file, but of course if you mount the disk in a different system, it can be read by anyone.



Back to the hash, it's not really possible to reverse the hashing process and recover the original password from it. So against mathematical recovery, the passwords are safe.



However, one can "simply" brute-force it and try all possible passwords until one fits. Intelligent attackers would use dictionaries and try real words and common derivations of these first, as they have a higher probability to be used by humans. This will of course take some time, depending on computational power and length/complexity of the password. SHA512 is just a strong cryptographic hash though, but not a special password hash with extra large computation effort, like e.g. bcrypt or PBKDF2, so it's probably possible to find a rather short password within more or less reasonable time.



So no, you can not recover your password directly, but yes, if you spend enough time and computation power, you can just try until you find it.






answered Feb 9 at 22:19 by Byte Commander

      • Thank you Byte Commander, I appreciate the insight and yes I suppose it would make sense that a brute force would be quicker than de-hashing the key. SHA512 does have some limitations in SHA2 but I assume Ubuntu is up to date using SHA3 which hasn't been compromised by the public yet. en.wikipedia.org/wiki/SHA-2#Comparison_of_SHA_functions
        – Tmanok
        Feb 13 at 20:02
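
Added example, not part of the original answers or of any Ubuntu tool: the accepted answer describes salted SHA-512 hashes stored in /etc/shadow, and this script parses shadow(5)-format lines to report, per account, which crypt(3) scheme, salt and round count are in use, flagging empty passwords and legacy schemes for review. The account names, salts and hash bodies are constructed placeholders, and `audit_entry`, `audit` and `Finding` are hypothetical names.

```python
"""Report how each account's password is stored, from shadow(5)-format text."""
from typing import List, NamedTuple, Optional

# crypt(3) id prefix -> (scheme name, still considered acceptable)
SCHEMES = {
    "1": ("md5crypt", False),
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "5": ("sha256crypt", True),
    "6": ("sha512crypt", True),
    "y": ("yescrypt", True),
}
SHA_CRYPT_DEFAULT_ROUNDS = 5000  # applies when the field has no rounds= part


class Finding(NamedTuple):
    user: str
    state: str              # "hashed", "locked", "no-login" or "empty"
    scheme: Optional[str]
    rounds: Optional[int]   # only decoded for sha256crypt / sha512crypt
    salt: Optional[str]
    ok: bool                # False: the entry deserves an admin's attention


def audit_entry(line: str) -> Finding:
    user, field = line.split(":")[:2]
    if field == "":                      # account has no password at all
        return Finding(user, "empty", None, None, None, False)
    state = "locked" if field.startswith("!") else "hashed"
    body = field.lstrip("!")             # a locked entry keeps its hash after "!"
    if body in ("", "*"):                # no valid hash: password login disabled
        return Finding(user, "no-login", None, None, None, True)
    if not body.startswith("$"):         # no $id$ prefix: traditional DES crypt
        return Finding(user, state, "descrypt", None, body[:2], False)
    parts = body.split("$")              # ["", id, [params,] salt, hash]
    name, acceptable = SCHEMES.get(parts[1], ("unknown:" + parts[1], False))
    rounds = salt = None
    if parts[1] in ("5", "6"):
        if parts[2].startswith("rounds="):
            rounds, salt = int(parts[2][len("rounds="):]), parts[3]
        else:
            rounds, salt = SHA_CRYPT_DEFAULT_ROUNDS, parts[2]
    return Finding(user, state, name, rounds, salt, acceptable)


def audit(shadow_text: str) -> List[Finding]:
    # Lines without a ":" are not shadow entries and are skipped.
    return [audit_entry(l) for l in shadow_text.splitlines() if ":" in l]


# Constructed sample: placeholder salts and hash bodies, not real credentials.
FAKE86, FAKE22 = "x" * 86, "x" * 22
SAMPLE_SHADOW = "\n".join([
    "root:!:19000:0:99999:7:::",
    f"alice:$6$constructedsalt1${FAKE86}:19000:0:99999:7:::",
    f"bob:$6$rounds=656000$constructedsalt2${FAKE86}:19000:0:99999:7:::",
    f"carol:!$6$constructedsalt3${FAKE86}:19000:0:99999:7:::",
    f"legacy:$1$oldsalt0${FAKE22}:15000:0:99999:7:::",
    "guest::19000:0:99999:7:::",
])

if __name__ == "__main__":
    for f in audit(SAMPLE_SHADOW):
        flag = "ok" if f.ok else "REVIEW"
        print(f"{f.user:8} {f.state:9} {f.scheme or '-':12} "
              f"rounds={f.rounds or '-'} salt={f.salt or '-'} [{flag}]")
```

On a real system the input would be the contents of /etc/shadow, read as root.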
















No. The password hash generation is a one-way process. You can't reverse the hash to the clear text password.







answered Feb 9 at 21:56 by Soren A

No. Ubuntu uses a secure algorithm and a salt. This makes it near impossible to find the password, unless it's very weak. If you know the format of the password (e.g. aAaaa#111) it's more trivial to crack. Hashcat is the go-to password cracker - but even that may take some significant time.

If another person has access to sudo on the machines, they can reset the password for you. sudo passwd username will change the password for username - without asking for the old password.







answered Feb 9 at 22:20 by vidarlo