How are passwords stored in Linux (/etc/shadow)

Let’s take,  from /etc/shadow file:

From the above shown example entry, our topic of interest is the second field(the field with the encoded hash of the password).

$6$lzI56fap$jrSiosb1PF.37iQ2MNKMBBOSkdKyaUpaQlqzbYqZzJ1crEWQArX4keATupJda2S5KvaTGy6sLykD18zaDE50h0

The above shown encoded hash value can be further classified into three different fields as below.

1. The first field is a numerical number that tell’s you the hashing algorithm that’s being used.

  • $1=MD5 hashing Algorithm
  • $2=Blowfish Algorithm
  • $2a=eksblowfish Algorithm
  • $5=SHA-256 Algorithm
  • $6=SHA-512 Algorithm

2. The second field is the salt value

Salt value is nothing but a random data that’s generated to combine with the original password, inorder to increase the strength of the hash..

3.The last field is the hash value of salt+user password.

So in our example entry of root, as shown below:

$6$lzI56fap$jrSiosb1PF.37iQ2MNKMBBOSkdKyaUpaQlqzbYqZzJ1crEWQArX4keATupJda2S5KvaTGy6sLykD18zaDE50h0

The above shown encoded password is using SHA-512 hashing algorithm (because the of $6$)

Salt value is lzI56fap (the content between the second and third $ sign).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s