LinuxQuestions.org
Old 05-27-2004, 08:29 PM   #1
mnisski
LQ Newbie
 
Registered: Oct 2003
Posts: 4

Rep: Reputation: 0
Shadow password encryption


Does anyone know the encryption routine for linux shadow passwords?
I have redhat9 running and am creating a script to add a user. So far no problem but I am confused as to how the regular passwd function creates the password stored in /etc/shadow.
Is it MD5 or crypt? If crypt, what is the salt they use? If MD5, is it hex?
I read the salt was the first 12 characters of the user's crypted password.
I read the salt was the first 2 characters of the user's uncrypted password.

But none of these work.

Any guidance is appreciated.
 
Old 05-27-2004, 08:51 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,965
Blog Entries: 11

Rep: Reputation: 865
Hmmm ...

man -k shadow
Code:
shadow               (3)  - encrypted password file routines
shadow               (5)  - encrypted password file
man 5 shadow

Code:
       The  password field must be filled.  The encryped password
       consists of 13 to 24  characters  from  the  64  character
       alphabet  a thru z, A thru Z, 0 thru 9, . and /.  Refer to
       crypt(3) for details on how this string is interpreted.
man 3 crypt doesn't say anything about salt...

Hmmm ...

http://www.google.co.nz/linux?hl=en&...a=lr%3Dlang_en

First entry ....

http://linuxselfhelp.com/howtos/Shad...d-HOWTO-2.html

Quote:
On a Linux system without the Shadow Suite installed, user information including passwords is stored in the /etc/passwd file. The password is stored in an encrypted format. If you ask a cryptography expert, however, he or she will tell you that the password is actually in an encoded rather than encrypted format because when using crypt(3), the text is set to null and the password is the key. Therefore, from here on, I will use the term encoded in this document.

The algorithm used to encode the password field is technically referred to as a one way hash function. This is an algorithm that is easy to compute in one direction, but very difficult to calculate in the reverse direction. More about the actual algorithm used can be found in section 2.4 or your crypt(3) manual page.

When a user picks or is assigned a password, it is encoded with a randomly generated value called the salt. This means that any particular password could be stored in 4096 different ways. The salt value is then stored with the encoded password.



Cheers,
Tink
 
Old 05-28-2004, 05:54 PM   #3
mnisski
LQ Newbie
 
Registered: Oct 2003
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by Tinkster
Hmmm ...

man -k shadow
Code:
shadow               (3)  - encrypted password file routines
shadow               (5)  - encrypted password file
man 5 shadow

Code:
       The  password field must be filled.  The encryped password
       consists of 13 to 24  characters  from  the  64  character
       alphabet  a thru z, A thru Z, 0 thru 9, . and /.  Refer to
       crypt(3) for details on how this string is interpreted.
man 3 crypt doesn't say anything about salt...

Hmmm ...

http://www.google.co.nz/linux?hl=en&...a=lr%3Dlang_en

First entry ....

http://linuxselfhelp.com/howtos/Shad...d-HOWTO-2.html


Helpful, thank you. That narrows it down to the crypt function.
Reviewed all documentation, but nowhere does it really say what salt is used by the shadow password suite.
Still open for comments.



Cheers,
Tink
 
Old 05-28-2004, 06:24 PM   #4
phlogistonjohn
LQ Newbie
 
Registered: Jul 2003
Location: MA, USA
Distribution: Mandrake,Debian,Zaurus
Posts: 17

Rep: Reputation: 0
Check out the 'useradd' command via man. If you're writing a shell script you might just be able to wrap this command, which might remove the need to edit /etc/shadow manually.

If you really gotta do it manually, the salt is the set of characters at the beginning of the hashed (encrypted) password. It can either be two characters, or a sequence of "$1$<string>$". This is explained in the GNU EXTENSION of the crypt(3) manpage. (Assuming you are using GNU of course :-))
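
The two salt layouts described in the last reply, as an added example that is not part of the original thread: it splits a shadow password field into scheme, the salt string to hand to crypt(3), and the encoded hash, and generates a fresh random salt for a new account. The function names `split_shadow_hash` and `new_salt` and the sample fields are assumptions made up for illustration; the hashing itself is left to crypt(3).

```python
import re
import secrets

# Alphabet crypt(3) uses for salts and encoded hashes.
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_B64 = r"[./0-9A-Za-z]"
# Traditional DES: 2 salt characters followed by 11 hash characters.
_DES = re.compile(rf"^({_B64}{{2}})({_B64}{{11}})$")
# GNU MD5 extension: $1$<up to 8 salt characters>$<22 hash characters>.
_MD5 = re.compile(rf"^(\$1\$({_B64}{{0,8}})\$)({_B64}{{22}})$")


def split_shadow_hash(field):
    """Return (scheme, salt_arg, digest) for an /etc/shadow password field.

    salt_arg is what to pass as the second argument of crypt(3) when
    re-encoding a candidate password for comparison.
    """
    if field == "" or field[0] in "!*":
        return ("none", None, None)  # empty, locked or disabled account
    m = _MD5.match(field)
    if m:
        return ("md5", m.group(1), m.group(3))
    m = _DES.match(field)
    if m:
        return ("des", m.group(1), m.group(2))
    raise ValueError("unrecognised password field")


def new_salt(scheme):
    """Random salt for a new account; it is never derived from the password."""
    pick = lambda n: "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(n))
    if scheme == "des":
        return pick(2)  # 64 * 64 = 4096 possible salts
    if scheme == "md5":
        return f"$1${pick(8)}$"
    raise ValueError("unknown scheme")


# Constructed sample fields (valid shape only, not real hashes).
SAMPLES = {
    "alice": "ab" + "x" * 11,
    "bob": "$1$Qw3rTy12$" + "y" * 22,
    "carol": "!!",
}

if __name__ == "__main__":
    for user, field in SAMPLES.items():
        print(user, split_shadow_hash(field))
```
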
 
  

