User Management – Can User Passwords Be Cracked from /etc/shadow File?

user-management

My question is, if someone hacked privileges on the /etc/shadow file, can he crack the passwords of the system users?

If yes, how can I better secure my passwords, and how can I make it difficult for a cracker to easily crack my users' passwords?

Any suggestions?

Best Answer

While DES should never be used, MD5 is also weak. Check your /etc/login.defs file for the ENCRYPT_METHOD setting. SHA512 is the strongest possible option as far as I know. If your hashes in /etc/shadow start with "$6$", that's SHA512 which I think is not known to be broken (unlike DES and MD5). Of course, strong password hashes do not mean that simple passwords cannot still be easily cracked - they can.
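The prefix check described in the answer can be automated. The following is an added example, not part of the original answer: it classifies the password field of each /etc/shadow entry by its crypt(3) prefix and reports accounts still on DES or MD5, or with an empty password. It covers a few more prefixes than the answer mentions ($5$, $y$, bcrypt), and the sample entries are constructed placeholders.

```python
import re

# crypt(3) hash-id prefix -> (scheme, flagged as weak). DES has no prefix.
SCHEMES = {
    "1": ("MD5", True),
    "5": ("SHA256", False),
    "6": ("SHA512", False),
    "y": ("yescrypt", False),
    "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False),
}

def classify(field):
    """Classify the password field (2nd column) of one /etc/shadow line."""
    if field == "":
        return ("EMPTY", True)            # no password required at all
    body = field.lstrip("!*")             # leading ! or * marks a locked account
    if body == "":
        return ("LOCKED", False)          # no hash stored
    m = re.match(r"\$([0-9a-z]+)\$", body)
    if m:
        return SCHEMES.get(m.group(1), ("UNKNOWN", True))
    if re.fullmatch(r"[./0-9A-Za-z]{13}", body):
        return ("DES", True)              # traditional 13-character crypt
    return ("UNKNOWN", True)              # unrecognised: review by hand

def audit(shadow_text):
    """Return [(user, scheme)] for every entry flagged as weak."""
    findings = []
    for line in shadow_text.splitlines():
        if ":" not in line:
            continue
        user, field = line.split(":")[:2]
        scheme, weak = classify(field)
        if weak:
            findings.append((user, scheme))
    return findings

# Constructed sample entries; salts and hashes are placeholders, not real.
SAMPLE = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
alice:$1$CONSTRUCTED$CONSTRUCTEDHASH:19000:0:99999:7:::
bob:ab0123456789A:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
carol:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme}")
```

To audit a real system, pass the contents of /etc/shadow (readable only by root) to `audit()`; flagged accounts need a password reset after ENCRYPT_METHOD is changed, since existing hashes are not rewritten until the password is set again.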
