24

I have the working password and can see the hash (/etc/passwd). How do I find the hashing algorithm used to hash the password, without manually trying different algorithms until I find a match?

Stephen Kitt
  • 411,918
  • 54
  • 1,065
  • 1,164
Dorin Botan
  • 365
  • 1
  • 2
  • 9
  • 1
    What Unix variant are you using? – Kusalananda Mar 14 '18 at 10:59
  • 3
    I'm very surprised you can see a hash in `/etc/passwd`. I thought all Unix/Linux variants had moved to a split with `/etc/shadow` years ago. (I know such systems still support hashes in `passwd` but I know of no utilities that put them there any more. An embedded system, perhaps? – roaima Mar 14 '18 at 11:02
  • It's OpenWrt Backfire 10.03. Hashes are still stored in `/etc/passwd` here. This however does not change the matter of the question. Does it? – Dorin Botan Mar 14 '18 at 11:18
  • 1
    Just for the record: The BSDs have two Berkeley DB files, roaima. It's still split, but it's not `/etc/shadow` and they have no file by that name. – JdeBP Mar 14 '18 at 22:20

1 Answers1

40

This is documented in crypt(3)’s manpage, which you can find via shadow(5)’s manpage, or passwd(5)’s. Those links are appropriate for modern Linux-based systems; the description there is:

If salt is a character string starting with the characters "$id$" followed by a string optionally terminated by "$", then the result has the form:

$id$salt$encrypted

id identifies the encryption method used instead of DES and this then determines how the rest of the password string is interpreted. The following values of id are supported:

ID  | Method
─────────────────────────────────────────────────────────
1   | MD5
2a  | Blowfish (not in mainline glibc; added in some
    | Linux distributions)
5   | SHA-256 (since glibc 2.7)
6   | SHA-512 (since glibc 2.7)

Blowfish, also known as bcrypt, is also identified by prefixes 2, 2b, 2x, and 2y (see PassLib’s documentation).

So if a hashed password is stored in the above format, you can find the algorithm used by looking at the id; otherwise it’s crypt’s default DES algorithm (with a 13-character hash), or “big” crypt’s DES (extended to support 128-character passwords, with hashes up to 178 characters in length), or BSDI extended DES (with a _ prefix followed by a 19-character hash).

Some distributions use libxcrypt which supports and documents quite a few more methods:

  • y: yescrypt
  • gy: gost-yescrypt
  • 7: scrypt
  • sha1: sha1crypt
  • md5: SunMD5

Other platforms support other algorithms, so check the crypt manpage there. For example, OpenBSD’s crypt(3) only supports Blowfish, which it identifies using the id “2b”.

Stephen Kitt
  • 411,918
  • 54
  • 1,065
  • 1,164
  • 2
    DES based passwords are BTW always 13 characters long and consist of alphanumerical characters as well as `.` and `/`. The first 2 characters is the salt and the other 11 is a hash value (sort of). And it is the only one of the algorithms supported by `crypt` which is so weak that you cannot compensate for it by choosing a stronger password. – kasperd Mar 15 '18 at 00:11
  • 1
    If anyone else is wondering why their local `man 3 crypt` looks nothing like this, it’s likely because `libxcrypt` replaces that man page with its own, which doesn’t have this valuable contents (but a less concise equivalent is to be found in `man 5 crypt`). `libxcrypt` is *de facto* installed on many(?) systems (as it’s required by SystemD, OpenSSH, CUPS, Python…). – Maëlan Jan 07 '22 at 19:22