November 26, 2025

How password hashing works on Linux


You may know that passwords are hashed on Linux systems, and the hashes are stored in the restricted access /etc/shadow file. But did you know that you can also determine the hash method that was used and report the number of days since a password was last changed from this file as well?

To look at a user record in the /etc/shadow file, run a command like this:

$ sudo grep nemo /etc/shadow

You should see a line that looks something like this:

nemo:$6$FVYIIgcEcObSsUcf$FsSBlV9soVt.Owbd4xnvhlZzjx73ZBQQBT0WMyah6qcdnH91tBf9C4EaYbRtr7jKGETP/TwBNjyrDFqhvK0NV1:18698:7:90:7:::

In spite of how long that line is, it’s quite easy to parse. The first two fields in the lines of this colon-separated file store:

  • the username (nemo)
  • the password hash (including the hashing method used) in a $id$salt$hashed format

That $6$ portion of this string represents the hashing algorithm used.

  • $1$ means MD5
  • $2a$ means Blowfish
  • $2y$ means Blowfish
  • $5$ means SHA-256
  • $6$ means SHA-512

The major portion of nemo’s /etc/shadow file entry represents the password hash. The following numeric fields (18698:7:90:7:::) represent:

  • the date of the last password change in a “days since the epoch” format (18698)
  • the minimum required days between password changes (7)
  • the maximum allowed days between password changes (90)
  • the number of days in advance to display password expiration message (7)
  • the number of days after password expiration to disable the account (not set above)
  • the account expiration date (not set above)
  • a reserved field (not set above)

To find today’s date in the “days since the epoch” form, you can use an alias like the one below. It divides the “seconds since the beginning of the Unix epoch” by 86,400 (the number of seconds in a day).

$ alias epoch_date='echo $(( $(date +%s) / 86400 ))'

$ epoch_date
18855

You can then take that first field shown in the numeric fields (18698) of the /etc/shadow file and determine how many days ago the password was changed. In this example, it was 157 days ago.

$ expr 18855 - 18698
157

You can also determine the date the password was last changed with the chage command, which reads the data from the /etc/shadow file and reports that date along with other password stats.

$ sudo chage -l nemo
Last password change                                    : Mar 12, 2021
Password expires                                        : Mar 12, 2022
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 7
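
The field layout described above can be checked for every account at once with a short shell function. This is an added example, not code from the original article: hash_method, shadow_audit and the olduser and daemon records are constructed for illustration, and the "locked" and "empty" cases go beyond the article's list of hash ids.

```shell
#!/bin/sh
# Added example: report hash method and password age for shadow records.

# Map the $id$ prefix of field 2 to the algorithm names the article lists.
hash_method() {
    case "$1" in
        '$1$'*)          echo "MD5" ;;
        '$2a$'*|'$2y$'*) echo "Blowfish" ;;
        '$5$'*)          echo "SHA-256" ;;
        '$6$'*)          echo "SHA-512" ;;
        '!'*|'*'*)       echo "locked" ;;   # no usable password hash
        '')              echo "empty" ;;    # no password required
        *)               echo "unknown" ;;
    esac
}

# Read shadow records on stdin; $1 is today's date in days since the epoch.
# Prints "user method age_in_days"; age is "-" when field 3 is empty
# or not a plain number.
shadow_audit() {
    today=$1
    while IFS=: read -r user hash last rest; do
        [ -n "$user" ] || continue
        case "$last" in
            ''|*[!0-9]*) age="-" ;;
            *)           age=$(( today - last )) ;;
        esac
        printf '%s %s %s\n' "$user" "$(hash_method "$hash")" "$age"
    done
}

# Constructed sample input: the article's nemo record plus two made-up ones.
SAMPLE='nemo:$6$FVYIIgcEcObSsUcf$FsSBlV9soVt.Owbd4xnvhlZzjx73ZBQQBT0WMyah6qcdnH91tBf9C4EaYbRtr7jKGETP/TwBNjyrDFqhvK0NV1:18698:7:90:7:::
olduser:$1$constructedsalt$constructedhashvalue0000:17000:0:99999:7:::
daemon:*:18474:0:99999:7:::'

# On a real system:
#   sudo cat /etc/shadow | shadow_audit "$(( $(date +%s) / 86400 ))"
printf '%s\n' "$SAMPLE" | shadow_audit 18855
```
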

Wrap-Up

The /etc/shadow file stores a lot of important settings for passwords on Linux systems, including the algorithm used to create the password hashes and the dates on which passwords were last set and will expire.

Source: How password hashing works on Linux | Network World
