Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-07-2006, 01:21 PM   #1
LQ Newbie
Registered: Jul 2005
Distribution: Debian
Posts: 27

Rep: Reputation: 15
changing the /etc/shadow hash algo.

I was wondering if/how to change the hashes in shadow from MD5 to some other (better) hash like SHA512 or Whirlpool. I know there must be a way since the only standards that I am aware of right now are DES and MD5...stuff which security minded people couldn't sleep at night if there was no way to deal with that.

Any good articles out there or easy ways to do this with PAM or something? I've looked around a little, but haven't found anything specifically for this.

Old 08-07-2006, 04:55 PM   #2
Registered: Nov 2005
Posts: 144

Rep: Reputation: 18
I think the only way to change the algorithm to something other than MD5 od DES wouold me to tinker with the source code.
However, doing that is not neccessary. Although vulnerabilities have been found in both algorithms, they do not apply to the way these algorithms are used by shadow. MD5-shadowed passwords definitely cannot be recovered. You can check if you are using MD5 by looking for the string $1$ after the username. Here's an example from my /etc/shadow (slightly changed, of course):
I suggest you do a google search on "md5 vulerability" and the shadow program.


Last edited by Lotharster; 08-07-2006 at 05:03 PM.
Old 08-07-2006, 09:32 PM   #3
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
The algorithm isn't vanilla MD5 but based on it. The alternative is another based on Blowfish. See:

Ideally, it should be as easy as it is on Solaris and *BSD to change it (by configuring /etc/pam.d/system-auth, for example) but I don't know why it isn't a standard on Linux yet.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Using hash value as key for other hash in Perl scuzzman Programming 6 02-14-2006 06:08 PM
changing the font and shadow on the kde desktop minm Linux - Newbie 3 01-09-2005 07:35 AM
GCD Algo. Help dontcare Programming 2 10-16-2004 10:50 PM
/etc/shadow- (notice the dash after the word shadow) shellcode Linux - Security 1 09-03-2004 05:54 AM
Algo for Relatively prime No. LinuxTiro Programming 5 11-17-2003 10:02 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:45 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration