LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 11-27-2007, 10:38 AM   #1
helptonewbie
Member
 
Registered: Aug 2006
Location: England Somewhere
Distribution: Mandriva, PCLinuxOS, Karoshi, Suse, Redhat, Ubuntu
Posts: 518

Rep: Reputation: 39
Question What is used to create the shadow password hash??


Hello,
When you create a new user thats able to login etc etc, you also create there password for them, this obviously works with the users password being hashed irreversibly, then every time the user logs in they give their password, this is hashed again and then compared against the hash in the password file. What i'm asking is what command/function creates this hashed password that goes into the shadow file. eg you can do similar things with echo 'password'|md5sum
OR
echo 'password'|sha1sum

i'm guessing this shadow password hash is created in a similar fashion and i'd like to know what it is? So i can create my own user adding script that adds new users into a file of my own. I know to change a password you just use the passwd command but i'm trying more to be able to retrieve the output.

Hope someone knows thanks regards

ps-i've done an strace of 'passwd' but this didn't make anything to obvious in the method used

Last edited by helptonewbie; 11-27-2007 at 10:51 AM.
 
Old 11-27-2007, 11:13 AM   #2
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
The makepasswd program knows how. I think it's typical these days to use md5 to do the hashing, but there is a little extra data added, so called "salt", to make it a little more difficult to brute force.

In the shadow file, if the password has field starts with $1$ it is an MD5 password. Without this I believe the crypt function is used. If you discover others (e.g. using SHA1), please post them here.

Here's how to get a hash from a password using makepasswd:
Code:
echo "mypassword" | makepasswd --clearfrom=- --crypt-md5 |awk '{ print $2 }'
 
Old 11-27-2007, 11:14 AM   #3
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
You may also be interested in this post which presents a possible method to script auto-generation of passwords:

http://www.linuxquestions.org/questi...8/#post2969056
 
Old 11-27-2007, 11:15 AM   #4
bigrigdriver
LQ Addict
 
Registered: Jul 2002
Location: East Centra Illinois, USA
Distribution: Debian Squeeze
Posts: 5,796

Rep: Reputation: 323Reputation: 323Reputation: 323Reputation: 323
When a password is set up, md5crypt does the work of hashing the password. If md5crypt can be called from a script, then it should be possible to send it the password in plain text, and get the hash in return.
 
Old 11-27-2007, 11:26 AM   #5
ron7000
Member
 
Registered: Nov 2007
Location: CT
Posts: 91

Rep: Reputation: 18
are you asking about 'pwconv' ?
that converts the /etc/passwd file to /etc/shadow, or creates the shadow file if it does not exist.

try a man on:
pwconv
pwunconv
pwck
 
Old 11-27-2007, 03:08 PM   #6
helptonewbie
Member
 
Registered: Aug 2006
Location: England Somewhere
Distribution: Mandriva, PCLinuxOS, Karoshi, Suse, Redhat, Ubuntu
Posts: 518

Original Poster
Rep: Reputation: 39
thanks guys that was interesting stuff, ron7000 no i wasn't aksing that and in a charge to try and find this out before coming to the forum i'd actually as it turns out already looked into that stuff today. bigrig, unfortunetly i seem to be unable to call the md5crypt, and matt, i also didn't have the makepassword command...makepasswd --clearfrom=- --crypt-md5 |awk '{ print $2 }'....your rite in saying it starting $1$ so it must be md5 with a salt, but there must still be some way in getting this output for myself?

cheers for replies so far

PS-i don't seem to have command pwgen either

Last edited by helptonewbie; 11-27-2007 at 03:15 PM.
 
Old 11-27-2007, 05:18 PM   #7
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
You could install makepasswd...?
 
Old 11-28-2007, 04:49 PM   #8
helptonewbie
Member
 
Registered: Aug 2006
Location: England Somewhere
Distribution: Mandriva, PCLinuxOS, Karoshi, Suse, Redhat, Ubuntu
Posts: 518

Original Poster
Rep: Reputation: 39
hey,
i've messed around with the makepasswd command, but it doesn't create the password the same as what goes into the actual shadow file, thats what i'm trying to achieve, for instance if the password of a user was "password", i want to be able to create exactly the same hash thats already in the shadow file for that user
 
Old 11-28-2007, 10:27 PM   #9
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
You have to use the --crypt-md5 option to get the right type. Most mainstream distros use the MD5 hash type (although I dare say there are a few which use others).

You can spot MD5 password hashes because they start with $1$. Here is an example which reads the password from standard input:
Code:
% echo "mypassword" | makepasswd --clearfrom=- --crypt-md5
mypassword $1$ihlrowCw$45PvXmJvoJksKqNkoFi8s/
Note that if you run the command more than once, you will get different outputs... this is the salt in action.
 
Old 11-30-2007, 06:38 AM   #10
helptonewbie
Member
 
Registered: Aug 2006
Location: England Somewhere
Distribution: Mandriva, PCLinuxOS, Karoshi, Suse, Redhat, Ubuntu
Posts: 518

Original Poster
Rep: Reputation: 39
Hi Matt,
This would not be the command for me as i'm trying to replicate exactly or find out how for instance the password shadowing works then, if the hashed password is different every time then the only way to make it the same is to use the same salt the system does? This salt must be kept somewhere or how can the system authenticate a user on login, if the password entered by a user is changed to a hash thats different every time for whatever reason, then how can the hash i'm guessing that is compared to the hash in the shadow file for authentication work correctly?
 
Old 05-11-2009, 07:46 PM   #11
iambrucelee
LQ Newbie
 
Registered: May 2009
Posts: 4

Rep: Reputation: 4
The Salt is in the hash itself, and is a random salt everytime.

you can use many tools, including openssl to generate the hash.

Here is the breakdown of the entire hash:

the first $1 means that it is an md5 hash. the 2nd $XXXXXX is the salt. the 3rd $XXXXXXX is the hash.

so for example, if I use openssl, and use matthewg42's example

I can type

openssl passwd -1 -salt ihlrowCw

enter in the passord, and it will spit out the exact same hash.

(the -1) means md5

man sslpasswd will give you more options.

grub-md5-crypt is a nice tool for generating md5 hashes also...
 
Old 08-17-2009, 03:02 AM   #12
vitoreiji
LQ Newbie
 
Registered: Oct 2008
Location: São Paulo, Brazil
Distribution: Ubuntu 8.04.1
Posts: 1

Rep: Reputation: 0
@iambrucelee Thanks, that was most helpful! Exactly what I was looking for.
 
  


Reply

Tags
makepasswd, md5, password


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Create MD5 hash from string trouby Linux - General 9 02-07-2012 08:08 PM
changing the /etc/shadow hash algo. zerg4141 Linux - Security 2 08-07-2006 09:32 PM
shadow password - password field ayhopkins Linux - Security 8 11-17-2005 06:25 AM
Change Password Hash Algorithm Trano Linux - Security 1 08-23-2005 08:48 AM
Create a hash with any data Nerox Programming 3 07-31-2004 09:15 AM


All times are GMT -5. The time now is 10:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration