What methods are used to encrypt passwords in /etc/passwd and /etc/shadow

hashsum password

A careful examination of the /etc/passwd and /etc/shadow files reveals that the passwords stored are hashed using some form of hashing function.

A quick Google search reveals that by default, the passwords are encrypted using DES. If an entry begins with $, then it indicates that some other hashing function was used.

For example, some entries on my Ubuntu machine begin with $6$.

What do the various numbers represent?

Best Answer

The full list is in man 3 crypt (web version):

          ID  | Method
          -------------------------------------------------
          1   | MD5
          2a  | Blowfish (on some Linux distributions)
          5   | SHA-256 (since glibc 2.7)
          6   | SHA-512 (since glibc 2.7)

(Blowfish can be either $2$ or $2a$ according to Wikipedia Crypt (Unix).)

So $6$ means SHA-512.

Which one your system uses is governed by any options passed to the pam_unix PAM module.

The default on the latest version of Ubuntu is set in /etc/pam.d/common-password:

password        [success=1 default=ignore]      pam_unix.so obscure sha512

which means that next time you change your password, it will be hashed using SHA-512, assuming your account is local, rather than NIS/LDAP/Kerberos, etc.
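
The ID table above applied to shadow-format entries, as an added example that is not part of the original answer: it reads the `$id$` prefix of each hash field and flags accounts still on older schemes. The function names, the `WEAK` set and the sample entries are assumptions made for this illustration; locked (`!`), disabled (`*`) and prefix-less (traditional DES) fields are handled as described in shadow(5) and crypt(3).

```python
# Added example (not from the original answer): map the $id$ prefix of each
# /etc/shadow hash field to the method table quoted from man 3 crypt.
METHODS = {"1": "MD5", "2": "Blowfish", "2a": "Blowfish",
           "5": "SHA-256", "6": "SHA-512"}
WEAK = {"DES", "MD5"}  # assumption: the schemes this audit chooses to flag

# Constructed sample in shadow(5) layout; salts and hashes are placeholders.
SAMPLE = """\
alice:$6$SALTSALT$HASHPLACEHOLDER:19000:0:99999:7:::
bob:$1$SALTSALT$HASHPLACEHOLDER:15000:0:99999:7:::
carol:!$5$SALTSALT$HASHPLACEHOLDER:19000:0:99999:7:::
dave:ab0123456789A:12000:0:99999:7:::
daemon:*:18000:0:99999:7:::
erin:$zz$SALTSALT$HASHPLACEHOLDER:19000:0:99999:7:::
"""


def classify(field):
    """Return (method, locked) for the password field of one shadow entry."""
    if field == "":
        return ("empty", False)         # no password required to authenticate
    locked = field.startswith("!")      # leading '!' marks a locked password
    body = field.lstrip("!")
    if body in ("", "*"):
        return ("none", True)           # '!', '!!' or '*': no password login
    parts = body.split("$")             # "$6$salt$hash" -> ["", "6", ...]
    if parts[0] == "" and len(parts) >= 3:
        return (METHODS.get(parts[1], "unknown id " + parts[1]), locked)
    return ("DES", locked)              # no $id$ prefix: traditional DES crypt


def audit(text):
    """Return [(user, method, locked, weak)] for shadow-format text."""
    rows = []
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue                    # skip comments, blank, malformed lines
        method, locked = classify(fields[1])
        rows.append((fields[0], method, locked, method in WEAK))
    return rows


if __name__ == "__main__":
    for user, method, locked, weak in audit(SAMPLE):
        print(f"{user:8} {method:14} locked={locked!s:5} {'REHASH' if weak else ''}")
```

An account flagged here keeps its old hash until its password is next changed, since the pam_unix option only applies to new hashes.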
