Skip to content

passwd hashed password

October 22, 2013

User’s password in a *nix system (like Debian 6 GNU / Linux) are not stored in clear but they are hased.

i.e. if you password is qwerty then it is stored as 123.Qaz/9Xyz. Likely (mathematically) no strings other than qwerty will be hased as 123.Qaz/9Xyz. So when you login the password you enter (qwerty) is hased and the hased version (123.Qaz/9Xyz) is check against the stored one. If you enter Qwerty than you will not login as hash of Qwerty differs from qwerty hash.

Maybe you already know that. But do you know how to generate the has version of a password in the same fashion it is sotred in either the passwd or the shadow file?

Well I do not know whether this is an universl answer, but I think it is valid for most of modern GNU / Linux systems.

For sure it works with Debian 6:

mkpasswd -m <method> –salt <salt> <password>

<method> : Debian 6 as method uses sha-512.

<salt> : It is variable, choose by system when hashing the password

<password> : Your password

<method> and <salt> are stored in either passwd or shadow files toghether with hashed password (shadow file can be read only by root): read more.

The format is $id$salt$hashed-password and, if method is sha-512 then $id$ is $6$.

Example

mkpasswd -m sha512 –salt poiuytre qwerty

prints

$6$poiuytre$xNMEGtGbGLPSFbotpTOD4/vUJYZLbhMR/xXJ4XNu8QWPt.GR.NGb06FyGBb1ex9A./OLIoaiGwXdC8K6jHNOJ.

that is what you would see in either passwd or shadow files if a user will set qwerty password and system chooses poiuytre salt.

 

From → Technology

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: