Display my password linux

How do I view my current user/password in bash?

I’m currently installing Bash on Ubuntu on Windows. I installed Bash and set up the user on normally. Everything worked fine, but I didn’t want to keep doing sudo with every command. I uninstalled then reinstalled ‘Bash on Ubuntu on Wwindows’ with

It saved the username, but not the previous password. I’m trying to view the current password for the user that I am using. How do I view the password to my user in Bash?

I don’t know if you can view the password. You can run sudo passwd yourusername to change it. If you don’t have sudo access, you can run as root with lxrun /setdefaultuser root

You can’t view your password, but why would you want to do that? What are you actually trying to accomplish? If you want to configure sudo not to ask for a password, that’s a different matter, it doesn’t require storing any password anywhere, you just configure it not to ask for the password. If that’s something specific to Linux-on-Windows then it’s probably something similar but I wouldn’t know.

3 Answers 3

You can’t actually, your password is hashed and is only a 1-way decoded.

To summarize it, just imagine each time you try to login, it will do something like

if hash('password') == currentHash; do grantAccess(); 

and each time you save a password, will do

hashedPass = hash('password'); writeOnShadowFile('hashedPass') 

This is by security standards of hashing avoid storing a real password, but instead storing the result of a function, and evaluating it on that way. Hashing functions are intended to do lot of the original value conversion with data loss, and due the data loss it will make almost impossible to know your original password.

You can easily change your password with usermod -p , or just passwd .

Источник

Where my linux password is stored on my system and how i can retrieve it? [duplicate]

I am currently logged in on my Linux system and i want to output my Linux password and username on my terminal, what commands i need to write and in which file it is stored and how i can retrieve it ?

3 Answers 3

In short: you can’t find out what your password is.

Although it’s stored in the file /etc/shadow , it’s stored in a «protected» format called a hash. It’s like a baked cake is to a set of ingredients, there’s no way to get the flour back out of the cake.

The passwords are not stored anywhere on the system at all. What is stored in /etc/shadow are so called hashes of the passwords.

A hash of some text is created by performing a so called one way function on the text (password), thus creating a string to check against. By design it is «impossible» (computationally infeasible) to reverse that process.

What can be done is to try a «brute force» attack — by hashing a lot of possible passwords until the outcome equals the found hash. There is no other way, you cannot compute a text (=password) that matches the hash you have.

There are several algorithms to create hashes, they differ in complexity, length of the hash, probability/possibility of so called collisions (two different texts have the same hash, which eventually must happen if the hash is shorter than the original text).

Typical current algorithms are

both should not be used for cryptographic/security purposes any more!!

• SHA-256
• SHA-512
• SHA-3 (KECCAK was announced the winner in the competition for a new federal approved hash algorithm in October 2012) — not used in Ubuntu yet.

As you know from other answers you can’t see your password. Let me explain why. Design where passwords are stored in their normal form (it’s called plain) isn’t very secure (not only for operating systems) because if list of such passwords falls into hands of malicious person, he can log in instantly, since list of user names is usually easy to retrieve (in Linux from /etc/passwd file). That’s why hash functions are used instead. These are one-way functions — you can create hash based on value but you can’t create value based on hash. If malicious person gets a list of hash values he can’t retrieve actual passwords from them (or at least it’s more difficult) and user still can login — when he passes his password, it’s translated to hash and compared with stored value.

Once in a while you can heard that someone hacked some website and get passwords or that some list of passwords leaked somewhere. If those were stored in plain text, attacker got instant access to some accounts. If those were hashed he had to break them first. It means more trouble for him and more time for reaction like changing a password to a new one. Linux (and any Unix based system) follows this design and that’s why you can’t print your password in any other way that hashed — only if you have root user privileges and can read /etc/shadow file.

To print your username, type whoami .

Linked

Related

Hot Network Questions

Site design / logo © 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA . rev 2023.7.14.43533

Ubuntu and the circle of friends logo are trade marks of Canonical Limited and are used under licence.

By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.

Источник

How to see password as we type it

I want to it to show at least some asterisks as the placeholder for the password characters as follow:

3 Answers 3

There is a way to do it with «sudo» but it does not work with su. But if you want to display «*» with sudo, you need to add this line in «/etc/sudoers» file :

That did not work for me i did visudo then inserted Defaults pwfeedback which failed then i inserted Defaults pwfeedback=»*» which also failed. Any idea .

That’s weird, it’s working for me with sudo, I added the line at the end of my sudoers file. You can also add it elsewhere. For example, after env_reset -> «Defaults env_reset, pwfeedback».

Is there something that can be done about this?

No, unfortunately. It’s an inconsistency in the interface (visual feedback in the GUI, no visual feedback in the terminal), and inconsistencies confuse new users.

I started a thread about this in the Ubuntu Forums called Feedback on entering password in the terminal? I even filed a bug report on the issue, but the developers have rejected it.

So, you’ve just got to get used to it.

It is a security feature and intentional. Giving away the amount of characters the password consists off is already a valuable information for anyone trying to guess it.

If you really want to implement that, look at the line discipline implementation in the kernel; it won’t be hard to hack eg an ECHO_STAR termios c_lflag in, that could be then easily used by any program (I won’t comment whether this is a good idea or not). Otherwise, I don’t see how playing the UX pundit is helping anyone — you cannot expect every program that has to get a password from the user to do its own idiosyncratic workarounds.

Источник