4/12/2011

Password hashes in Linux

Passwords are not stored in clear text. Instead a one-way hash function is applied to the password and only the hash is kept. A one-way hash cannot be reversed to get the password back, so an attacker who obtains the hash has to guess candidate passwords and hash each one to compare; that is slow for a strong password and quick for a weak one, which is why the hash is still worth protecting. The hashes live in /etc/shadow, which is readable only by root (the world-readable /etc/passwd just carries an x in the password field). A line in /etc/shadow will look something like this:

The root entry is the first line of the file. Now let's try and understand the hash. The hashing methods crypt(3) supports on Linux are MD5 ($1$), SHA-256 ($5$) and SHA-512 ($6$); SHA-512 crypt is the one a current system should be using. This is my root password hash:



root:$6$GkfJ0/H/$IDtJEzDO1vh8VyDG5rnnLLMXwZl.cikulTg4wtXjq98Vlcf/PA2D1QsT7VHSsu46B/od4IJlqENMtc8dSpBEa1:14592:0:99999:7:::

The first part, root, is the user name.
$6$ means the password is hashed with SHA-512 crypt (hashed, not encrypted: there is no key and no way to decrypt it). For MD5 it will be $1$, and for SHA-256 it is $5$.
Up to the next $ comes the salt, GkfJ0/H/, a random string chosen when the password was set, so that two users with the same password get different hashes and an attacker cannot build one precomputed table for everybody. From there up to the next : is the hash itself.
14592 is the date of the last password change, counted in days since 1 January 1970 (14592 days is 14 December 2009). A value of 0 forces the user to change the password at the next login.
0 denotes the minimum number of days the user must keep a password before it can be changed again.
99999 denotes the maximum number of days the password is valid for; 99999 means it effectively never expires.
7 denotes the number of days before expiry that the user is warned to change the password.
The three remaining fields are empty here: the number of days after expiry before the account is disabled (the inactivity period), the account expiry date (again in days since 1970), and a reserved field.
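As an added example (this is not code from the original post), here is a small Python parser that breaks a shadow line into its nine fields, splits the $id$salt$hash string into method, salt and hash, converts the day counts into dates, and applies the ageing fields the way login does. The sample file is constructed: the root line is the one above, the daemon and alice lines are made up, and the alice hash is a placeholder rather than a real SHA-512 crypt output. The parser goes slightly beyond the post in that it also accepts the rounds=N option the $5$/$6$ formats allow and recognises (without splitting) the bcrypt and yescrypt prefixes found on newer systems.

```python
import datetime

EPOCH = datetime.date(1970, 1, 1)

# Field order of one /etc/shadow line, as documented in shadow(5).
FIELDS = ("name", "hash", "lastchg", "min", "max", "warn", "inactive", "expire", "reserved")

# crypt(3) prefixes. Only $1$, $5$ and $6$ share the $id$[rounds=N$]salt$hash
# layout that this parser splits; the others are recognised but left whole.
CRYPT_METHODS = {
    "1": "md5crypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "y": "yescrypt",
}

# Constructed sample: the root line is the one from the post, the daemon line
# shows a locked account, and the alice line (placeholder hash, not a real
# digest) shows an explicit rounds= setting plus the inactivity field in use.
SAMPLE_SHADOW = """\
root:$6$GkfJ0/H/$IDtJEzDO1vh8VyDG5rnnLLMXwZl.cikulTg4wtXjq98Vlcf/PA2D1QsT7VHSsu46B/od4IJlqENMtc8dSpBEa1:14592:0:99999:7:::
daemon:*:14592:0:99999:7:::
alice:$6$rounds=50000$Xm3qQ1p0$notARealHashJustAPlaceholderForTheExample:15000:1:90:14:30::
"""


def parse_crypt(field):
    """Break the password field into method, rounds, salt and hash.

    A field starting with '!' or '*' cannot be matched by any password (locked
    account or a system account that never had one). An empty field means no
    password is needed at all, which is worth flagging when auditing a box.
    """
    if field == "":
        return {"method": "empty", "rounds": None, "salt": None, "hash": None}
    if field[0] in "!*":
        return {"method": "locked", "rounds": None, "salt": None, "hash": None}
    if not field.startswith("$"):
        # Traditional DES crypt: a 2-character salt followed by 11 hash characters.
        return {"method": "descrypt", "rounds": None, "salt": field[:2], "hash": field[2:]}
    parts = field.split("$")[1:]  # drop the empty element before the leading '$'
    method = CRYPT_METHODS.get(parts[0], "unknown(%s)" % parts[0])
    if parts[0] not in ("1", "5", "6"):
        return {"method": method, "rounds": None, "salt": None, "hash": field}
    body = parts[1:]
    rounds = None
    if body and body[0].startswith("rounds="):
        rounds = int(body[0][len("rounds="):])
        body = body[1:]
    if len(body) != 2:
        raise ValueError("malformed crypt string: %r" % field)
    return {"method": method, "rounds": rounds, "salt": body[0], "hash": body[1]}


def _days(value):
    """Ageing fields are integers (days) or blank, blank meaning 'not set'."""
    return int(value) if value != "" else None


def parse_shadow_line(line):
    fields = line.rstrip("\n").split(":")
    if len(fields) != len(FIELDS):
        raise ValueError("expected %d colon-separated fields, got %d" % (len(FIELDS), len(fields)))
    rec = dict(zip(FIELDS, fields))
    rec["crypt"] = parse_crypt(rec["hash"])
    for key in ("lastchg", "min", "max", "warn", "inactive", "expire"):
        rec[key] = _days(rec[key])
    # lastchg and expire are days since 1970-01-01. A lastchg of 0 is not a
    # date: it forces a password change at the next login.
    rec["must_change_at_login"] = rec["lastchg"] == 0
    rec["lastchg_date"] = EPOCH + datetime.timedelta(days=rec["lastchg"]) if rec["lastchg"] else None
    rec["expire_date"] = EPOCH + datetime.timedelta(days=rec["expire"]) if rec["expire"] is not None else None
    return rec


def parse_shadow(text):
    """Parse a whole shadow file into {username: record}."""
    return {rec["name"]: rec for rec in (parse_shadow_line(l) for l in text.splitlines() if l.strip())}


def password_state(rec, today):
    """Apply min/max/warn/inactive/expire the way login does.

    `today` is a date or an ISO string. Returns one of: locked, must_change,
    account_expired, ok, warn, expired, disabled.
    """
    if isinstance(today, str):
        today = datetime.date.fromisoformat(today)
    if rec["crypt"]["method"] == "locked":
        return "locked"
    if rec["must_change_at_login"]:
        return "must_change"
    if rec["expire_date"] is not None and today >= rec["expire_date"]:
        return "account_expired"
    if rec["lastchg_date"] is None or rec["max"] is None:
        return "ok"  # no ageing information, so nothing to enforce
    expires = rec["lastchg_date"] + datetime.timedelta(days=rec["max"])
    if today < expires:
        warn_from = expires - datetime.timedelta(days=rec["warn"] or 0)
        return "warn" if today >= warn_from else "ok"
    if rec["inactive"] is not None and today >= expires + datetime.timedelta(days=rec["inactive"]):
        return "disabled"
    return "expired"


if __name__ == "__main__":
    for name, rec in parse_shadow(SAMPLE_SHADOW).items():
        c = rec["crypt"]
        print(name, c["method"], "salt=%s" % c["salt"], "rounds=%s" % c["rounds"],
              "lastchg=%s" % rec["lastchg_date"], "state=%s" % password_state(rec, "2011-04-12"))
```

Run it as a script to see each sample account summarised, or feed it a real file with sudo cat /etc/shadow as input. The date 2011-04-12 used in the summary is the date of this post; alice's made-up line was chosen so that she is inside her 14-day warning window on that day.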
