LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 12-30-2013, 05:53 AM   #1
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 458

Rep: Reputation: 30
Question /etc/shadow question


Hi there, I'm asking this here, since I'm mostly slackware orientated, though this could be considered not distribution specific and as such, I apologise.

I'm currently in the process of migrating content from an older system/version of slack to a not as old system with a newer version of slack and came across something, defying what I initially thought.

In an attempt to make things as invisible as possible for users, I decided to extract the passwords from /etc/shadow using John (done this many times before for numerous reasons, but ALWAYS ON THE SAME MACHINE).

I always thought this could only be done on the mahcinhe from which the /etc/shadow file originated, I thought that the encrypted passwords were somehow connected to a "key" unique to that particular machine/install but to my surprise, when the file was copied over to another machine and John run, all passwords were revealed (took a while, just saying).

So essentially, I achieved what I set out to and simply applied the passwords to the duplicate users on the new machine and for this part, job done, but I am left wondering how this is possible?

Very curious I done an experiment, same username on two different machines and the /etc/shadow file shows different information for the same user on both machines, so how can either machine "resolve" each others /etc/shadow file?
Obviously the passwords are not encrypted to any key or tied to the original machine (and if they are, how can it be found on a different machine), how does this work? (kind of annoying when something which you thought and believed in for a long, long time is discounted), a bit like Father Christmas eh...

Thanks in advance...
 
Old 12-30-2013, 06:45 AM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,304

Rep: Reputation: Disabled
The password utility uses what's there in the shadow file. Your password string in that file consists of 3 elements:
  1. hashing algorithm
  2. salt
  3. hashed password
These elements are separated by "$" characters, like this: $hashing_algorithm$salt$password_hash
In Slackware, the hashing algorithm has the value "1" which means (a variant of) MD5. Some other distros have "6" which means blowfish.
The salt string is randomly generated when you create/change your password.
The password hash (the 3rd element) is then calculated using the salt and your actual password when you type it in, using the specific hashing algorithm.

Check your password hash in your local shadow file. Write down the salt string. Then try this command:
Code:
openssl passwd -1 -salt salt_string your_actual_password
and compare the result to the password hash stored in the shadow file. Should be the same!

This is how login works. The password tool takes your plaintext password and calculates the hash using the algorithm and hash which are stored with your hashed password. If the result of that calculation matches what's present in the shadow file, then you typed the correct password and you are allowed in. The algorithm is one-way, you can not recover the plaintext password from the data in the shadow file.

This is why you can just copy/paste a line in the shadow file from one computer to another, it will still work there.

Eric

Last edited by Alien Bob; 12-30-2013 at 06:46 AM.
 
5 members found this post helpful.
Old 12-30-2013, 07:27 AM   #3
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 458

Original Poster
Rep: Reputation: 30
EXCELLENT, thanks!!!!!
 
Old 12-30-2013, 11:36 AM   #4
GNU/Linux
Member
 
Registered: Sep 2012
Distribution: Slackware-14
Posts: 80

Rep: Reputation: Disabled
Although it does answer the OP and marked as solved nonetheless I tried it on Slackware64 14.1. Slackware (14.0 & 14.1) now uses SHA256 to calculate the hash. I can't reproduce the hash with 'openssl passwd' so I googled and found out it doesn't support SHA256. I've found a solution but it's using Python and Perl script.

Following works on Slackware64 14.1
Code:
python -c "import crypt, getpass, pwd; print crypt.crypt('YOUR_PASSWORD', '\$5\$SALT\$')"
Thanks Eric.
 
1 members found this post helpful.
Old 12-30-2013, 12:35 PM   #5
mancha
Member
 
Registered: Aug 2012
Posts: 337

Rep: Reputation: Disabled
As of Slackware 14.0, SHA256 (with default of 5000 rounds) is used to hash new passwords. These parameters are controlled by ENCRYPT_METHOD and SHA_CRYPT_{MIN,MAX}_ROUNDS in /etc/login.defs.

Salt prefix $6$ corresponds to SHA512. I believe the blowfish patches to glibc use $2a$ for their prefix.

--mancha

Last edited by mancha; 12-30-2013 at 12:38 PM.
 
Old 12-30-2013, 05:41 PM   #6
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,304

Rep: Reputation: Disabled
Quote:
Originally Posted by mancha View Post
As of Slackware 14.0, SHA256 (with default of 5000 rounds) is used to hash new passwords. These parameters are controlled by ENCRYPT_METHOD and SHA_CRYPT_{MIN,MAX}_ROUNDS in /etc/login.defs.

Salt prefix $6$ corresponds to SHA512. I believe the blowfish patches to glibc use $2a$ for their prefix.

--mancha
Indeed, my mistake. The $5$ is SHA-256 and $6$ is SHA-512. My Slackware-current box creates a hash with $5$ prefixed which means SHA-256 was used. I carried over old passwords obviously...
GNU/Linux's python example line works for SHA hashing algorithms, openssl does not.

Eric
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Shadow File Last Changed Question kechlion Linux - Security 2 08-31-2010 04:45 PM
ubuntu karmic nis client 'ypcat shadow.byname' works, but 'getent shadow' fails casterln Linux - Networking 1 03-06-2010 01:47 AM
/etc/shadow and /etc/passwd permissions question lqchangba Linux - Security 2 02-20-2007 12:46 PM
Shadow file question Timur Sakayev Linux - Security 4 06-07-2005 10:20 AM
gnome question (drop shadow) littleking Slackware 0 11-28-2003 12:15 PM


All times are GMT -5. The time now is 03:36 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration