Lesson 12

Date: 6/25/2017
Linux Password Security
Linux System Administration


Linux passwords
  • On a local system, passwords are stored in the file /etc/shadow:
    mike:$6$A0NKorlZ$l3YhLlm/Y1n2BW0YBiryNl5cS6vx5k.4j4LE/vb5FUOnD.uVXkiUA1kPSHLo5/6q5MzEJTal1OY1OiE4ReSpK0:17317:0:99999:7:::
    
  • The second field consists of 3 parts: the hashing algorithm identifier, $6$; the salt, $A0NKorlZ$; and the value returned by the hashing function crypt for the (password, salt) parameters, l3YhLlm/Y1n2BW0YBiryNl5cS6vx5k.4j4LE/vb5FUOnD.uVXkiUA1kPSHLo5/6q5MzEJTal1OY1OiE4ReSpK0
  • The password hash is generated by the crypt function. The output of man crypt shows the components of the hash structure:
           If  salt is a character string starting with the characters "$id$" followed by a string terminated by "$":
    
                  $id$salt$encrypted
    
           then instead of using the DES machine,  id  identifies  the  encryption
           method  used  and  this  then  determines  how the rest of the password
           string is interpreted.  The following values of id are supported:
    
                  ID  | Method
                  -----------------------------------------------------
                  1   | MD5
                  2a  | Blowfish (not in mainline glibc; added in some
                      | Linux distributions)
                  5   | SHA-256 (since glibc 2.7)
                  6   | SHA-512 (since glibc 2.7)
    
           So   $5$salt$encrypted   is   an   SHA-256   encoded    password    and
           $6$salt$encrypted is an SHA-512 encoded one.
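
The field layout described above can be checked with a short parser. This is an added example, not part of the original lesson; it goes slightly beyond the text by also handling locked entries and the optional rounds=N cost field of the SHA methods. The function names, the WEAK audit set and all sample lines except the first are assumptions constructed for illustration.

```python
from datetime import date, timedelta
# id table from the crypt(3) excerpt above
METHODS = {"1": "MD5", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512"}
WEAK = {"DES", "MD5"}  # assumption: methods an audit would flag as outdated

def parse_shadow_line(line):
    """Split one /etc/shadow entry into its hash components."""
    fields = line.strip().split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields")
    pw = fields[1]
    info = {"user": fields[0], "method": None, "rounds": None, "salt": None,
            "hash": None, "locked": False, "changed": None}
    if fields[2].isdigit():  # third field: days since 1970-01-01
        info["changed"] = date(1970, 1, 1) + timedelta(days=int(fields[2]))
    if pw.startswith("!"):  # leading "!" marks a locked password
        info["locked"] = True
        pw = pw.lstrip("!")
    if pw in ("", "*"):  # no usable hash in the field
        info["locked"] = info["locked"] or pw == "*"
        return info
    if not pw.startswith("$"):  # no $id$ prefix: traditional DES crypt
        info["method"], info["hash"] = "DES", pw
        return info
    parts = pw.split("$")  # ['', id, [rounds=N,] salt, hash]
    info["method"] = METHODS.get(parts[1], "unknown id " + parts[1])
    rest = parts[2:]
    if parts[1] not in ("1", "5", "6"):  # e.g. Blowfish packs cost, salt, hash differently
        info["hash"] = "$".join(rest)
        return info
    if parts[1] in ("5", "6") and rest and rest[0].startswith("rounds="):
        info["rounds"] = int(rest[0][len("rounds="):])  # optional SHA cost field
        rest = rest[1:]
    if len(rest) != 2:
        raise ValueError("malformed hash field")
    info["salt"], info["hash"] = rest
    return info

def is_weak(info):
    return info["method"] in WEAK

# First line is the entry from this lesson; the rest are constructed samples.
SAMPLES = [
    "mike:$6$A0NKorlZ$l3YhLlm/Y1n2BW0YBiryNl5cS6vx5k.4j4LE/vb5FUOnD.uVXkiUA1kPSHLo5/6q5MzEJTal1OY1OiE4ReSpK0:17317:0:99999:7:::",
    "alice:$6$rounds=10000$CONSTRUCTEDsalt$CONSTRUCTEDHASH:17317:0:99999:7:::",
    "bob:$1$CONSTRsa$CONSTRUCTEDHASH:17000:0:99999:7:::",
    "daemon:*:17000:0:99999:7:::",
]
```

Run it over a copy of the file with `[parse_shadow_line(l) for l in open(path)]`; reading /etc/shadow itself requires root.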
    
    
    


