Martin.Schoon@gmail.com (Schöön Martin) writes:
>I have a question regarding password safety and encrypting in unix and
>unix-like systems.
>Today I heard a story about a guy who had broken into the computer
>systems of a large corporation. The story teller claimed this guy had
>managed to download, among other things, complete lists of all
>unix accounts and the corresponding passwords.
Sure. Hashed passwords. They then have to run an exhaustive search against
the hashed list to discover the actual password. I am not sure why anyone
believes anything that a "friend who heard it from a sister in law who
heard it from her milkman" says.
>I have been a unix user since the 1980s and I have been told by
>various support persons that in unix the passwords are encrypted
It is hashed not encrypted. If it were encrypted it could be recovered.
It cannot be except by testing all possible passwords against the hash and
finding the one that works. On the other hand if you used mommy as your
password, it is easily found.
>and if I forget mine I have to get a new, temporary one from my
>administrator because there is no way to look up and decrypt my
>password.
>What is the truth on this matter?