A careful examination of the /etc/passwd and /etc/shadow files reveals that the passwords stored are hashed using some form of hashing function.

A quick Google search reveals that by default, the passwords are encrypted using DES. If an entry begins with $, then it indicates that some other hashing function was used.

For example, some entries on my Ubuntu machine begin with $6$...

What do the various numbers represent?

Gilles 'SO- stop being evil'
Nathan Osman

1 Answer

The full list is in man 3 crypt (web version):

          ID  | Method
          -------------------------------------------------
          1   | MD5
          2a  | Blowfish (on some Linux distributions)
          5   | SHA-256 (since glibc 2.7)
          6   | SHA-512 (since glibc 2.7)

(Blowfish can be either $2$ or $2a$ according to Wikipedia Crypt (Unix).)

So $6$ means SHA-512.

Which one your system uses is governed by any options passed to the pam_unix PAM module.

The default on the latest version of Ubuntu is set in /etc/pam.d/common-password:

password        [success=1 default=ignore]      pam_unix.so obscure sha512

which means that next time you change your password, it will be hashed using SHA-512, assuming your account is local, rather than NIS/LDAP/Kerberos, etc.

See also:

Cristian Ciupitu
Mikel
  • A quick double check of my `/etc/shadow` shows 2 entries that start with `$6$`. – Nathan Osman Feb 26 '11 at 02:23
  • Note that SHA-256 and SHA-512 are part of the SHA-2 set of hash functions. – mattdm Feb 26 '11 at 02:33
  • Note that the crypt hashes based on SHA-2 are not plain SHA-2, which would be bad since plain SHA-2 is weak against dictionary attacks. The SHA-2 crypt schemes use the plain hashes as a building block, but add a variable work-factor (to slow down dictionary attacks) and a salt. – CodesInChaos Jun 18 '12 at 18:39
  • On my Ubuntu machine, root's password has an exclamation mark symbol (`!`). According to `man shadow`, it means that the password is locked, so you can't log in directly using a Unix password. It has to do with Ubuntu setting the root account as disabled by default. – Akronix Dec 30 '16 at 11:07
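
The following is an added example, not part of the original answer or comments: a Python parser for the password field of shadow-style lines that maps the `$id$` prefix to the method in the table above, reads the SHA-crypt `rounds=N` work factor, recognises the `!` lock marker, and marks hashes that were not created with the method pam_unix is configured for (they stay in the old format until the password is next changed). The names `classify`, `audit` and `SAMPLE` are hypothetical, the sample lines are constructed with placeholder salts and hashes, and the 13-character form of traditional DES crypt and the SHA-crypt default of 5000 rounds are assumptions taken from the crypt specifications rather than from this page.

```python
import re

# ID -> method, from the crypt(3) table quoted in the answer.
SCHEMES = {"1": "MD5", "2": "Blowfish", "2a": "Blowfish",
           "5": "SHA-256", "6": "SHA-512"}
HASHED = set(SCHEMES.values()) | {"DES"}  # "DES": traditional crypt, no "$" prefix

def classify(field):
    """Return scheme, lock state and SHA-crypt rounds for one password field."""
    info = {"locked": field.startswith("!"), "scheme": None, "rounds": None}
    body = field.lstrip("!")  # text after "!" is the field from before the lock
    if field == "":
        info["scheme"] = "empty"            # no password required
    elif body.startswith("$"):
        parts = body.split("$")             # ['', id, [rounds=N,] salt, hash]
        info["scheme"] = SCHEMES.get(parts[1], "unknown:" + parts[1])
        if parts[1] in ("5", "6"):
            # Work factor: explicit rounds=N, otherwise the SHA-crypt default of 5000.
            m = re.fullmatch(r"rounds=(\d+)", parts[2]) if len(parts) > 2 else None
            info["rounds"] = int(m.group(1)) if m else 5000
    elif re.fullmatch(r"[./0-9A-Za-z]{13}", body):
        info["scheme"] = "DES"
    else:
        info["scheme"] = "none"             # "*", "!" etc.: not a crypt(3) result
    return info

def audit(shadow_text, expected="SHA-512"):
    """Map user -> info; 'stale' marks a hash not made with the expected method."""
    report = {}
    for line in (l for l in shadow_text.splitlines() if ":" in l):
        user, field = line.split(":")[:2]
        info = report[user] = classify(field)
        info["stale"] = info["scheme"] in HASHED and info["scheme"] != expected
    return report

# Constructed sample; salts and hashes are placeholders, not real crypt output.
SAMPLE = """\
root:!:17000:0:99999:7:::
alice:$6$SALT$HASHPLACEHOLDER:17000:0:99999:7:::
bob:$1$SALT$HASHPLACEHOLDER:15000:0:99999:7:::
carol:$5$rounds=20000$SALT$HASHPLACEHOLDER:17000:0:99999:7:::
dave:abCDEFGHIJKLM:12000:0:99999:7:::
erin:!$6$SALT$HASHPLACEHOLDER:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real system the input would be the contents of /etc/shadow, which is readable only by root.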