Does anyone know the encryption routine for Linux shadow passwords?
I have redhat9 running and am creating a script to add a user. So far no problem but I am confused as to how the regular passwd function creates the password stored in /etc/shadow.
Is it MD5 or crypt? If crypt, what is the salt they use? If MD5, is it hex?
I read the salt was the first 12 characters of the user's crypted password.
I read the salt was the first 2 characters of the user's uncrypted password.
The password field must be filled. The encrypted password
consists of 13 to 24 characters from the 64 character
alphabet a thru z, A thru Z, 0 thru 9, . and /. Refer to
crypt(3) for details on how this string is interpreted.
On a Linux system without the Shadow Suite installed, user information including passwords is stored in the /etc/passwd file. The password is stored in an encrypted format. If you ask a cryptography expert, however, he or she will tell you that the password is actually in an encoded rather than encrypted format because when using crypt(3), the text is set to null and the password is the key. Therefore, from here on, I will use the term encoded in this document.
The algorithm used to encode the password field is technically referred to as a one way hash function. This is an algorithm that is easy to compute in one direction, but very difficult to calculate in the reverse direction. More about the actual algorithm used can be found in section 2.4 or your crypt(3) manual page.
When a user picks or is assigned a password, it is encoded with a randomly generated value called the salt. This means that any particular password could be stored in 4096 different ways. The salt value is then stored with the encoded password.
Helpful, thank you. That narrows it down to the crypt function.
Reviewed all documentation, but nowhere does it really say what salt is used by the shadow password suite.
Still open for comments.
Check out the 'useradd' command via man. If you're writing a shell script you might just be able to wrap this command, which might remove the need to edit /etc/shadow manually.
If you really gotta do it manually, the salt is the set of characters at the beginning of the hashed (encrypted) password. It can either be two characters, or a sequence of "$1$<string>$". This is explained in the GNU EXTENSION of the crypt(3) manpage. (Assuming you are using GNU of course :-))
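The salt layout described in the reply above, as an added example that is not part of the thread or of the shadow suite: it splits a password field into scheme, salt and digest, and draws a fresh random salt from the 64-character alphabet. The function names and sample fields are constructed for illustration; the 8-character salt limit and 22-character digest for `$1$` are those of glibc's MD5 crypt.

```python
import re
import secrets

# The 64-character alphabet quoted from shadow(5) in the thread.
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_HASH_CHARS = re.compile(r"[./0-9A-Za-z]+")


def split_shadow_field(field):
    """Split the password field of an /etc/shadow entry.

    Returns (scheme, salt, digest); scheme is "des", "md5", "locked",
    "empty" or "unknown". The salt is returned exactly as it has to be
    passed back to crypt(3) to re-check a password.
    """
    if field == "":
        return ("empty", "", "")
    if field[0] in "!*":            # no hash can ever match these
        return ("locked", "", "")
    if field.startswith("$1$"):     # GNU extension: $1$<salt>$<digest>
        parts = field.split("$")    # ['', '1', salt, digest]
        if (len(parts) == 4 and len(parts[2]) <= 8
                and _HASH_CHARS.fullmatch(parts[2])
                and len(parts[3]) == 22
                and _HASH_CHARS.fullmatch(parts[3])):
            return ("md5", "$1$" + parts[2] + "$", parts[3])
        return ("unknown", "", "")
    if len(field) == 13 and _HASH_CHARS.fullmatch(field):
        return ("des", field[:2], field[2:])   # traditional DES crypt
    return ("unknown", "", "")


def new_salt(scheme):
    """Draw a random salt; it is generated, not derived from the password."""
    length = {"des": 2, "md5": 8}[scheme]
    chars = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return chars if scheme == "des" else "$1$" + chars + "$"


if __name__ == "__main__":
    # Constructed fields with the right shape; these are not real hashes.
    for sample in ("abCCCCCCCCCCC", "$1$saltsalt$" + "x" * 22, "!!", ""):
        print(repr(sample), "->", split_shadow_field(sample))
    print("fresh salts:", new_salt("des"), new_salt("md5"))
```

Two characters from a 64-character alphabet give the 4096 possible salts mentioned in the HOWTO excerpt.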