How are passwords stored in Linux (/etc/shadow)

Let’s take an example entry from the /etc/shadow file:

In the example entry shown above, our field of interest is the second field (the field containing the encoded hash of the password).


The encoded hash value shown above can be further broken down into three fields, as below.

1. The first field is a number that tells you the hashing algorithm being used.

  • $1 = MD5 hashing algorithm
  • $2 = Blowfish algorithm
  • $2a = eksblowfish algorithm
  • $5 = SHA-256 algorithm
  • $6 = SHA-512 algorithm

2. The second field is the salt value.

The salt value is simply random data that is generated and combined with the original password in order to increase the strength of the hash.

3. The last field is the hash value of salt + user password.

So in our example entry of root, as shown below:


The encoded password shown above uses the SHA-512 hashing algorithm (because of the $6$).

The salt value is lzI56fap (the content between the second and third $ signs).
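The field breakdown described above, as an added Python example that is not part of the original post: it splits the second field of a shadow entry into algorithm id, salt and hash, and also handles empty and locked password fields. The sample entries are constructed (only the salt lzI56fap comes from the post; the hash text is a placeholder), the optional `rounds=N` element for $5/$6 is an assumption beyond what the post covers, and for $2/$2a only the algorithm is named because bcrypt-style values do not follow the plain $id$salt$hash layout.

```python
# Identifier-to-algorithm table exactly as listed in the article.
ALGORITHMS = {"1": "MD5", "2": "Blowfish", "2a": "eksblowfish",
              "5": "SHA-256", "6": "SHA-512"}
# Ids whose value is laid out as $id$salt$hash (bcrypt-style ids are not).
SALT_THEN_HASH = {"1", "5", "6"}


def parse_shadow_line(line):
    """Describe the password field (second field) of one shadow entry."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("expected colon-separated shadow fields")
    pw = fields[1]
    out = {"user": fields[0], "state": "hashed", "algorithm": None,
           "rounds": None, "salt": None, "hash": None}
    if pw == "":
        out["state"] = "empty"            # no password set
        return out
    if pw[0] in "!*":
        out["state"] = "locked"           # password login disabled
        return out
    parts = pw.split("$")                 # "$6$s$h" -> ['', '6', 's', 'h']
    if parts[0] != "" or len(parts) < 3 or parts[1] not in ALGORITHMS:
        out["state"] = "unrecognised"
        return out
    out["algorithm"] = ALGORITHMS[parts[1]]
    if parts[1] not in SALT_THEN_HASH:
        return out                        # name the algorithm, do not guess the split
    rest = parts[2:]
    # Assumption beyond the article: $5/$6 may carry "rounds=N" before the salt.
    if parts[1] != "1" and rest[0][:7] == "rounds=" and rest[0][7:].isdigit():
        out["rounds"] = int(rest[0][7:])
        rest = rest[1:]
    if len(rest) != 2 or not rest[0] or not rest[1]:
        out["state"] = "unrecognised"
        return out
    out["salt"], out["hash"] = rest
    return out


# Constructed samples: the salt is the article's, the hash text is a placeholder.
SAMPLES = [
    "root:$6$lzI56fap$PLACEHOLDERHASH:17000:0:99999:7:::",
    "svc:$5$rounds=10000$abcdSALT$PLACEHOLDERHASH:17000:0:99999:7:::",
    "daemon:*:17000:0:99999:7:::",
]
if __name__ == "__main__":
    for entry in SAMPLES:
        print(parse_shadow_line(entry))
```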
