User Management – Can User Passwords Be Cracked from etc/shadow File?


My question is if someone hacked privileges on /etc/shadow file , can he crack the passwords of the system users.

If yes , how can i secure more my passwords and how to make it difficult on a cracker to easily crack my users passwords .

Any Suggestion?

Best Answer

While DES should never be used, MD5 is also weak. Check your /etc/login.defs file for the ENCRYPT_METHOD setting. SHA512 is the strongest possible option as far as I know. If your hashes in /etc/shadow start with "$6$", that's SHA512 which I think is not known to be broken (unlike DES and MD5). Of course, strong password hashes do not mean that simple passwords cannot still be easily cracked - they can.

Related Question