0

Let's say a clear password is encrypted using crypt() C function in Linux. Prototype:

char *crypt(const char *key, const char *salt);

Example with using MD5 method ("$1$" at beginning of salt parameter): 

char *clear_password = ...
char *encrypted_password = crypt(clear_password, "#$1$FedCBa$")

Question: What would be the code to decrypt the encrypted password and get back the clear password in result?

P.S. the example refers to MD5 method but the question is more general and concerns any method used by crypt() function (MD5, Blowfish, SHA-256, ...).

Gaston
  • 589
  • 1
  • 10
  • 34
  • Please [read the documentation](http://man7.org/linux/man-pages/man3/crypt.3.html). – Some programmer dude Apr 07 '19 at 12:17
  • 2
    off topic. You need to know the algorithm of md5sum and backtrack over all possible words and calculate the md5 for each one. MD5 is a function that has no inverse. So it is not possible to compute the password directly. – alinsoar Apr 07 '19 at 13:08
  • @Tsyvarev: Thank you for the link. Please see post scriptum added after question. – Gaston Apr 08 '19 at 09:53
  • 1
    "... the question is more general and concerns any method used by crypt() function (MD5, Blowfish, SHA-256, ...)." - Not sure what do you want to express with such post scriptum. As for MD5 the decript code definitely doesn't exist, then a "general" decript code doesn't exist too. – Tsyvarev Apr 08 '19 at 10:05

1 Answers1

5

You can't. It's a one-way hash of the salt + password. You can only encrypt a password attempt with the same salt and compare the result.

e.dan
  • 7,275
  • 1
  • 26
  • 29
  • I am disappointed, but anyway good to know. Thank you! – Gaston Apr 07 '19 at 12:30
  • 4
    You shouldn't be disappointed - saving the actual password in any retrievable manner is a security no-no - that's why secure password authentication schemes use one-way hash functions... – e.dan Apr 07 '19 at 12:53
  • You are right. It the best like this. – Gaston Apr 07 '19 at 13:01