7

I was reading the Wikipedia article on the shadow file and it mentioned the format of the lines is like this:

$id$salt$hashed

So, my question is, how does it work?

I tried to calcualte the hash for my own account to which I had the password so I used this command:

sha512sum {salt}+{my_clear_text_password}

But the output is different from the hash I see for myself. So how does it work? What am I missing?

Navid
  • 171
  • 1
  • 2

3 Answers3

3

A couple of things to think about (you'll have to read the sources in the Linux coreutils and glibc2 to confirm)

  • The output of sha512sum appears to be printable hex notation whereas the output stored in the shadow file appears to be base64 so they will be different.

  • I think that the sha512sum in the shadow file has been passed through the hash function more than once ( #define ROUNDS_DEFAULT 5000 ) whereas the sha512sum just passes the 'file' through the hash once.

  • There may be padding added by one or both commands to align the data it may be different.

user9517
  • 114,104
  • 20
  • 206
  • 289
2

If you want to create the hash in the same way that the /etc/shadow file stores it, use the following command:

mkpasswd --method=sha-512 --salt=YOUR_SALT PASSWORD
Castaglia
  • 3,239
  • 3
  • 19
  • 40
technics
  • 21
  • 1
  • The output of this command contains chars not present in the output of `sha512sum`. Is there some more encoding going on for the hash output stored in /etc/shadow? – user38537 Mar 21 '18 at 23:00
1

From the shadow(5) man-page:

encrypted password

Refer to crypt(3) for details on how this string is interpreted.

If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means).

This field may be empty, in which case no passwords are required to authenticate as the specified login name. However, some applications which read the /etc/shadow file may decide not to permit any access at all if the password field is empty.

A password field which starts with a exclamation mark means that the password is locked. The remaining characters on the line represent the password field before the password was locked.

From the crypt(3) man-page:

crypt() is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of akey search.

key is a user's typed password.

salt is a two-character string chosen from the set [a–zA–Z0–9./]. This string is used to perturb the algorithm in one of 4096 different ways.

By taking the lowest 7 bits of each of the first eight characters of the key, a 56-bit key is obtained. This 56-bit key is used to encrypt repeatedly a constant string (usually a string consisting of all zeros). The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself). The return value points to static data whose content is overwritten by each call.

Craig McQueen
  • 720
  • 6
  • 18
pkhamre
  • 5,900
  • 3
  • 15
  • 27
  • 1
    Seems like a sane answer to me. No idea why it was voted down... – pehrs Oct 18 '12 at 08:32
  • 1
    It's talking about `crypt` encoded passwords. `SHA-512` is very different. – Sven Oct 18 '12 at 08:57
  • 1
    It should be noted that the glibc2 version of crypt() supports different algorithms (MD5, SHA-256, SHA-512, and, on some systems, Blowfish) depending on the salt value. See the "Notes" section of the man page for crypt(3). – Lacek Oct 18 '12 at 13:07