CentOS - Apr 2015 - How to decrypt rootpassword form kickstart file

Warren Young wrote:
> On Mar 30, 2015, at 11:08 PM, Jegadeesh Kumar <jegasmile at
gmail.com> wrote:
>> # Root password
>> rootpw --iscrypted $1$1SItJOAg$UM9n7lRFK1/OCs./rgQtQ/
>> # System authorization information
>> auth  --useshadow  --passalgo=sha512
>
> Those two settings are inconsistent.  The $1 at the beginning of that
> crypt(3) string means it?s an MD5 password.
>
>> Is there any way to decry pt the password and get it as plain text.
<snip>

This is all interesting, but I've got one dumb question: why do you need
to decrypt it?

      mark

>
> This is all interesting, but I've got one dumb question: why do you
need
> to decrypt it?
>
In the UK we have a law which give you the right to remain silent; so as
not to incriminate yourself. I think in the US its known as "taking the
fifth".

On Wed, April 1, 2015 11:09 am, Andrew Holway wrote:
>>
>> This is all interesting, but I've got one dumb question: why do you
need
>> to decrypt it?
>>
>
> In the UK we have a law which give you the right to remain silent; so as
> not to incriminate yourself. I think in the US its known as "taking
the
> fifth".
Indeed.

But I for one can deduce the answer, assuming the OP knows everything I
know or more (sorry for abbr.; Original Poster I had to say). Here is my
speculation:

One can easily replace root password hash in kickstart. The only scenarios
that that is not enough I can imagine are:

1. OP has to deal with machine kickstarted before and had no ability (or
wants to avoid it to leave no track that that is done) to boot the machine
in a single user mode and edit shadow file

2. OP was able to get kickstart file content (the hash actually), _has_ to
use it, but is not able to edit it (or editing is not an option due to
some other consideration)

3. This is somebody's else kickstart password, but I do exclude
immediately it as as a result one can imagine a [cyber]criminal action
here which I don't expect from anyone ;-)

That said, I just have to mention it once again. It is really advisable to
always change root password that came from kickstart file before even new
system goes live.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

On Wed, Apr 01, 2015 at 06:09:01PM +0200, Andrew Holway
wrote:
> In the UK we have a law which give you the right to remain silent; so as
> not to incriminate yourself. I think in the US its known as "taking
the
> fifth".
The UK RIPA act requires you to hand over decryption keys upon presentation
of the correct paperwork.

-- 

rgds
Stephen

On Wed, 2015-04-01 at 18:09 +0200, Andrew Holway wrote:
> >
> > This is all interesting, but I've got one dumb question: why do
you need
> > to decrypt it?
> >
> 
> In the UK we have a law which give you the right to remain silent; so as
> not to incriminate yourself. I think in the US its known as "taking
the
> fifth".
English law states silence, in response to an arrest caution, can be
used against the arrested person at their criminal trial.  The English
system permits prosecutors to mislead and confuse the jury and to
blatantly lie about the defendant. In those circumstances has an alleged
"Right not to self-incriminate" any practical usefulness ?

Follow-ups, if any, off the list, please.

-- 
Regards,

Paul.
England, EU.      Je suis Charlie.