Tuesday, August 17, 2021

How password hashing works on Linux

You may know that passwords are hashed on Linux systems, and the hashes are stored in the restricted access /etc/shadow file. But did you know that you can also determine the hash method that was used and report the number of days since a password was last changed from this file as well?

To look at a user record in the /etc/shadow file, run a command like this:

$ sudo grep nemo /etc/shadow

You should see a line that looks something like this:

nemo:$6$FVYIIgcEcObSsUcf$FsSBlV9soVt.Owbd4xnvhlZzjx73ZBQQBT0WM
yah6qcdnH91tBf9C4EaYbRtr7jKGETP/TwBNjyrDFqhvK0NV1:18698:7:90:7
:::
 

In spite of how long that line is, it's quite easy to parse. The first two fields in the lines of this colon-separated file store:

To read this article in full, please click here


Thanks to Sandra Henry-Stocker (see source)

No comments:

Post a Comment