
Viewing /etc/shadow file, understanding the structure



Unix/Linux systems store password hashes in a file called /etc/shadow, protected by access control that requires root privileges. This is the strategy used by modern Unix/Linux systems.
The structure is: Username:password:lastchange:min:max:warn:inactive:expire:

Username - the name of the user

Salt - http://en.wikipedia....cryptography%29

Password - the encrypted (hashed) password

lastchange - the last time that the password was changed

min - the minimum number of days since the password was last modified before the password can be changed again

max - the maximum number of days that the password is valid

warn - the number of days during which the user is warned that the password must be changed

inactive - the number of days of inactivity for that user after the password has expired

expire - the date after which the login can no longer be used, because the account is disabled

Here is an example of a password entry stored in /etc/shadow:
admin:$1$R4mDH$aOcFaA9.Dq6Ww2u3XmCfK/:14641:0:99999:7:::

Username = admin
Salt = R4mDH
Password = aOcFaA9.Dq6Ww2u3XmCfK/
lastchange = 14641
min = 0
max = 99999
warn = 7

Modern Unix/Linux systems use MCF (Modular Crypt Format), which is extensible to future algorithms http://en.wikipedia....rypt_%28Unix%29
Here is a short description of MCF:

$1$ specifies the algorithm used for encryption, in our case MD5
R4mDH specifies the salt, which is limited to 16 characters
aOcFaA9.Dq6Ww2u3XmCfK/ is the hash of the password

$1$ = MD5
$2$ = Blowfish
$5$ = SHA256
$6$ = SHA512
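
As an added example (not code from the original post), the following Python parser splits a shadow line into the fields listed above and breaks the password field into its MCF parts, using the post's sample admin line. The function names and the locked-account sample line are assumptions made for illustration.

```python
from datetime import date, timedelta

# Field order and scheme ids exactly as listed in the post.
FIELDS = ("username", "password", "lastchange", "min", "max",
          "warn", "inactive", "expire")
MCF_SCHEMES = {"1": "MD5", "2": "Blowfish", "5": "SHA256", "6": "SHA512"}

# The post's sample entry, plus a constructed entry for a locked account.
SAMPLE = "admin:$1$R4mDH$aOcFaA9.Dq6Ww2u3XmCfK/:14641:0:99999:7:::"
LOCKED = "daemon:*:14641:0:99999:7:::"


def parse_mcf(field):
    """Split '$id$salt$hash' into (scheme, salt, digest).

    Returns (None, None, None) for anything else, e.g. the '*' or '!'
    placeholders used when an account has no usable password hash.
    """
    parts = field.split("$")
    if len(parts) != 4 or parts[0] or not all(parts[1:]):
        return None, None, None
    ident, salt, digest = parts[1:]
    return MCF_SCHEMES.get(ident, "unknown id " + ident), salt, digest


def parse_shadow_line(line):
    """Parse one /etc/shadow line into a dict of named fields."""
    values = line.strip().split(":")
    # Eight named fields plus the empty slot after the final colon.
    if len(values) != len(FIELDS) + 1:
        raise ValueError("expected %d colon-separated fields" % (len(FIELDS) + 1))
    entry = dict(zip(FIELDS, values))
    for name in FIELDS[2:]:  # numeric fields; empty means "not set"
        entry[name] = int(entry[name]) if entry[name] else None
    if entry["lastchange"] is not None:
        # lastchange is stored as a count of days since 1970-01-01.
        entry["lastchange"] = date(1970, 1, 1) + timedelta(days=entry["lastchange"])
    entry["scheme"], entry["salt"], entry["digest"] = parse_mcf(entry.pop("password"))
    return entry


if __name__ == "__main__":
    for line in (SAMPLE, LOCKED):
        print(parse_shadow_line(line))
```
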

The salt is a random value used as a second input to the hash function; it guarantees different password hashes when, for example, two users choose the same password.
The salt is also used to stop attacks with precalculated tables.

However, the salt cannot stop password cracking!
So be careful when you choose a password.



Thanks Dude! Good topic, but can you tell me how I can differentiate between types of password?

doubleali, on 15 March 2010 - 19:09, said:

Thanks Dude! Good topic, but can you tell me how I can differentiate between types of password?

You must look at the beginning, between the first 2 dollar signs $$; there is the number that specifies the type of algorithm used to encrypt the password. The most common algorithms to encrypt the password in Linux are:
$1$ = MD5
$2$ = Blowfish
$5$ = SHA256
$6$ = SHA512
