
Is there a specific location where the passwords are stored?

Does it depend on which version is used?

Are they salted?

Vladimir Leiv

2 Answers


Linux passwords are stored in the /etc/shadow file. They are salted and the algorithm being used depends on the particular distribution and is configurable.

From what I recall, the algorithms supported are MD5, Blowfish, SHA256 and SHA512. Most recent distributions should be on SHA512 by default if my memory serves me right.

  • It's important to note that while the `crypt` documentation refers to `MD5`, `SHA256`, `SHA512`, they are not one application of the simple cryptographic hash function; it uses http://en.wikipedia.org/wiki/Crypt_(C), which generally provides 1000 (MD5) to a default of 5000 rounds of the cryptographic hash function. – dr jimbob Jun 06 '13 at 16:16
  • @drjimbob Ah yes, should have mentioned that. :) –  Jun 06 '13 at 16:17
  • @drjimbob, Is this 5000 rounds of applying the same hash function to reduce the likelihood of a collision? It seems that repetitively applying the same hash function would only increase the amount of time it would take an attacker to brute force the hash rather than actually increasing the security of how the system handles passwords. – sherrellbc Jul 06 '16 at 16:07
  • @sherrellbc - The 5000 rounds is to simply slow down brute force attacks by a factor of roughly 5000. See: https://en.wikipedia.org/wiki/Key_stretching The chance of salt+pw collision is extremely small -- there's an 8 character long base64 salt (64^8 ~ 2.8 x 10^14 different salts). So it's quite unlikely two people would have both the same salt and password. Getting the hashes to collide by chance is negligible; if you used a billion computers each generating a trillion hashes per second, it would take over a billion years before it's likely for one pair of collisions with 256 bit hashes. – dr jimbob Jul 06 '16 at 22:47
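The answer and comments above describe the crypt(3) formats found in `/etc/shadow` (MD5-crypt, bcrypt, sha256-crypt, sha512-crypt, legacy DES) and the `rounds=` parameter. The following Python is an added example, not code from the original post or any project: it parses shadow-format lines, identifies the algorithm, salt and round count (defaulting to 5000 for the sha-crypt family when no `rounds=` field is present), and flags accounts still using a weak scheme. The sample lines are constructed, the hash bodies are placeholders with the right shape rather than real crypt output, and treating a bcrypt cost below 10 as weak is this example's own assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# crypt(3) prefix identifiers for the formats named in the answers.
ALGORITHMS = {
    "1": "MD5-crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256-crypt",
    "6": "sha512-crypt",
}
SHA_CRYPT_DEFAULT_ROUNDS = 5000   # used when no rounds=N parameter is present
MD5_CRYPT_ROUNDS = 1000           # fixed by the MD5-crypt algorithm, not configurable
BCRYPT_MIN_OK_COST = 10           # assumption of this example, not from the page

# Constructed sample /etc/shadow lines. Hash bodies are shape-correct placeholders,
# not outputs of crypt(3); nothing here is a real credential.
SAMPLE_SHADOW = """\
alice:$6$rounds=100000$abcdefghijklmnop$QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ012:19500:0:99999:7:::
bob:$6$saltsalt$QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ012:19500:0:99999:7:::
carol:$5$somesalt$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu:19500:0:99999:7:::
dave:$1$mdsalt12$ABCDEFGHIJKLMNOPQRSTUV:19500:0:99999:7:::
erin:$2b$12$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijk:19500:0:99999:7:::
frank:AbCdEfGhIjKlM:19500:0:99999:7:::
sync:*:19500:0:99999:7:::
mallory:!$6$locked$xyz:19500:0:99999:7:::
"""


@dataclass
class HashInfo:
    user: str
    algorithm: str
    rounds: Optional[int]   # iterations (bcrypt: 2**cost); None when unknown
    salt: Optional[str]
    locked: bool            # '!' prefix, or no usable hash at all
    weak: bool


def parse_crypt_string(user: str, field: str) -> HashInfo:
    """Classify the password field of one /etc/shadow entry."""
    locked = field.startswith("!")          # passwd -l / usermod -L prefix the hash with '!'
    field = field.lstrip("!")
    if field in ("", "*"):
        # No hash present: password login is impossible for this account.
        return HashInfo(user, "none (password login disabled)", None, None, True, False)
    if not field.startswith("$"):
        # Traditional DES crypt: 13 characters, the first two are the salt.
        return HashInfo(user, "DES", None, field[:2], locked, True)
    parts = field.split("$")                # '', id, [params], salt, hash
    ident = parts[1]
    algorithm = ALGORITHMS.get(ident, f"unknown (${ident}$)")
    if algorithm == "bcrypt":
        cost = int(parts[2])                # $2b$12$ -> 2**12 iterations; salt is 22 chars
        return HashInfo(user, algorithm, 2 ** cost, parts[3][:22], locked,
                        cost < BCRYPT_MIN_OK_COST)
    if algorithm == "MD5-crypt":
        return HashInfo(user, algorithm, MD5_CRYPT_ROUNDS, parts[2], locked, True)
    if algorithm in ("sha256-crypt", "sha512-crypt"):
        m = re.fullmatch(r"rounds=(\d+)", parts[2])
        if m:
            rounds, salt = int(m.group(1)), parts[3]
        else:
            rounds, salt = SHA_CRYPT_DEFAULT_ROUNDS, parts[2]
        return HashInfo(user, algorithm, rounds, salt, locked,
                        rounds < SHA_CRYPT_DEFAULT_ROUNDS)
    return HashInfo(user, algorithm, None, None, locked, False)


def audit_shadow(text: str) -> List[HashInfo]:
    """Parse shadow-format lines: name:hash:lastchg:min:max:warn:inactive:expire:flag."""
    results = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        results.append(parse_crypt_string(fields[0], fields[1]))
    return results


def weak_accounts(text: str) -> List[str]:
    """Usernames whose hash scheme is weak and whose account is not locked."""
    return sorted(h.user for h in audit_shadow(text) if h.weak and not h.locked)


if __name__ == "__main__":
    for info in audit_shadow(SAMPLE_SHADOW):
        print(f"{info.user:8} {info.algorithm:30} rounds={info.rounds} "
              f"salt={info.salt} locked={info.locked} weak={info.weak}")
    print("weak:", weak_accounts(SAMPLE_SHADOW))
```

Run against a real file (`sudo python3 audit.py < /etc/shadow`, after swapping `SAMPLE_SHADOW` for `sys.stdin.read()`), the report reveals what the prose calls "configurable": any account still on DES or MD5-crypt, and any sha-crypt entry explicitly set below the 5000-round default.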

Passwords in unix were originally stored in /etc/passwd (which is world-readable), but then moved to /etc/shadow (and backed up in /etc/shadow-) which can only be read by root (or members of the shadow group).

The passwords are salted and hashed. The default formats are MD5-crypt, bcrypt, sha256-crypt, sha512-crypt, and for historical reasons DES (note DES only allows 8-byte passwords). Note, sha512-crypt typically involves 5000 rounds of SHA512-ing the password and the number of rounds is configurable.

For more info consult man crypt, man shadow, man passwd.

dr jimbob
  • How are the passwords salted? Since the Linux kernel is open source, is not the salt algorithm known by the world and therefore useless? – Rox Jun 07 '13 at 16:25
  • @Rox - First, salts work by being at high-probability a unique string that's concatenated to the password before it's hashed. Therefore, someone can't attack millions of passwords in parallel; (e.g., generate sha256crypt's of a list of 100 million common passwords once and then compare against all million hashes you have until you find matches). Instead to attack just one hash with a unique salt, you'd have to try all the common passwords (concatenated with that unique salt) until one worked. Note the salt is stored with the hash, as to check a password you need to use the salt. – dr jimbob Jun 07 '13 at 17:46
  • @Rox - Furthermore, the Linux kernel being open-source is not relevant either. IIRC, the random salt is created from `/dev/random`, which uses true random bits accumulated from measuring the noise properties of your system (e.g., did it take an even or odd number of clock cycles to access something from disk or time between keystrokes/mouse movements); so it is not predictable, even if it is open source. – dr jimbob Jun 07 '13 at 17:49