LinuxQuestions.org


fakie_flip 10-03-2012 10:15 PM

useradd -p encryptedhash
 
I was reading that there are two ways to set a new user's password, from the book

LPIC-1/CompTIA Linux+ Certification Exam Guide (Exams LPIC-1/LX0-101 & LX0-102) by Robby H. Tracy

1) useradd username then passwd username
2) useradd -p encryptedpasswordhash username
and to generate that encrypted password hash with the following command:

openssl passwd -crypt

I tested this to see if the hash generated by this command matched the hash for my user in /etc/shadow, and it did not. The hashes generated by that command are significantly shorter too.

jschiwal 10-04-2012 12:59 AM

The first part of the shadow's hash field contains a short code identifying the type of hash used. Different hashes are different lengths. Crypt is a weak hash and wouldn't be used today. The second part of the hash field is the salt. It is a random number added to your password before hashing. This prevents dictionary attacks. On my netbook, the salt is 8 characters long from a 62 char alphabet, so one would need over 200 trillion dictionaries precalculated. The third part is the actual hash.

The $ character delimits the three parts.

fakie_flip 10-08-2012 12:13 AM

I read

Quote:

On GNU/Linux, "$1$" stands for MD5, "$2$" is Blowfish, "$5$" is SHA-256 and "$6$" is SHA-512, crypt(3) manpage

Do you know why CentOS has chosen to use 1 (md5) for root and 6 (sha-512) for all user passwords?

Also, how do you choose which hashing algorithm to be used? I looked all through the passwd man page and saw nothing about that.
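
Added example, not part of any post in this thread: a parser for the `$id$salt$hash` layout and the prefix ids described above, which also recognises the 13-character output of `openssl passwd -crypt` and reports accounts whose scheme differs from an expected one. The function names `parse_hash_field` and `mismatches` are hypothetical, the shadow lines are constructed, and the default `expected="SHA-512"` is an assumption taken from the scheme the thread reports for ordinary users.

```python
import re

# Prefix ids as quoted in the thread from crypt(3); "2a" is the id bcrypt hashes commonly carry.
SCHEMES = {"1": "MD5", "2": "Blowfish", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512"}
# Traditional crypt, as `openssl passwd -crypt` emits: 2-char salt + 11-char hash.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")

def parse_hash_field(field):
    """Split one shadow hash field into scheme, salt, rounds and hash length."""
    info = dict(locked=field.startswith("!"), scheme="unknown", salt=None, rounds=None, hash_len=0)
    field = field.lstrip("!")
    if field in ("", "*"):  # no hash stored in this field
        info["scheme"] = "none"
        return info
    if DES_RE.fullmatch(field):
        info.update(scheme="DES crypt", salt=field[:2], hash_len=11)
        return info
    parts = field.split("$")
    if len(parts) < 4 or parts[0] or parts[1] not in SCHEMES:
        return info
    body = parts[2:]
    if SCHEMES[parts[1]] == "Blowfish":  # bcrypt: $2a$<cost>$<22-char salt><31-char hash>
        body = [body[0], body[1][:22], body[1][22:]] if len(body) == 2 else []
    elif body[0].startswith("rounds="):  # optional $rounds=N$ before the salt
        body[0] = body[0][len("rounds="):]
    else:
        body.insert(0, "")
    if len(body) != 3 or not (body[0] == "" or body[0].isdigit()):
        return info
    info.update(scheme=SCHEMES[parts[1]], rounds=int(body[0]) if body[0] else None,
                salt=body[1], hash_len=len(body[2]))
    return info

def mismatches(shadow_text, expected="SHA-512"):
    """Return {user: scheme} for accounts whose stored hash is not `expected`."""
    found = {}
    for line in shadow_text.splitlines():
        cols = line.split(":")
        scheme = parse_hash_field(cols[1])["scheme"] if len(cols) > 1 else "none"
        if scheme not in ("none", expected):
            found[cols[0]] = scheme
    return found

# Constructed sample: filler characters stand in for real digests.
SAMPLE = "\n".join([
    "root:$1$saltsalt$" + "A" * 22 + ":15616:0:99999:7:::",
    "alice:$6$rounds=5000$saltsalt$" + "B" * 86 + ":15616:0:99999:7:::",
    "old:ab" + "C" * 11 + ":15616:0:99999:7:::",
    "daemon:*:15616:0:99999:7:::",
])
```

Calling `mismatches(SAMPLE)` reports `root` as MD5 and `old` as DES crypt, while the SHA-512 account and the entry with no hash are skipped.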

chrism01 10-08-2012 08:34 PM

1. I imagine they felt md5 was more secure than sha-512
2. the default settings are in /etc/login.defs
3. according to this https://en.wikipedia.org/wiki/Shadow_password, options for a passwd (not inc crypt itself) are MD5, Blowfish, SHA-256, SHA-512.
See also the link there https://www.kernel.org/doc/man-pages...3/crypt.3.html

I've googled around but can't find a cmd that will confirm which ones are available on any given system; looks like you'd have to look at the src code.

If anyone knows the cmd I'm interested.

Note that
openssl list-cipher-algorithms
openssl list-message-digest-algorithms
produce some interesting output, but I doubt all options are valid in /etc/shadow...

