Какой хеширующий алгоритм используется для хранения паролей в /etc/shadow?
Кажется в Linux пароли хранятся в файле /etc/shadow , точнее хранятся не сами пароли, а их хеши. Какой хеширующий алгоритм используется при этом? Если это зависит от дистрибутива, то как узнать, какой хеширующий алгоритм используется в моём дистрибутиве?
2 ответа 2
метод хэширования по умолчанию определён в файле /etc/login.defs
$ grep '^ENCRYPT_METHOD' /etc/login.defs ENCRYPT_METHOD SHA512 он может быть переопределён в конфигурационных файлах pam (естественно, для тех программ, которые его используют). например, в дистрибутиве debian gnu/linux есть такая конфигурационная директива:
$ grep -r '^password.*pam_unix' /etc/pam.d/ /etc/pam.d/common-password:password [success=1 default=ignore] pam_unix.so obscure sha512 в этом примере метод совпадает с тем, что определён в /etc/login.defs — sha512.
но данные директивы повлияют только на хэши новых паролей. уже существующие (или вручную вписанные) могут использовать любой другой метод.
Aлгоритм указан в самом хеше. Хеш имеет несколько «полей»:
пусть хеш такой : kaktus:$1$jbdsfj$ewryh4hferf444f3w:213:3:123:6:8:17:
kaktus это имя пользователя сам хеш $1$jbdsfj$ewryh4hferf444f3w — делится на несколько секторов, разделяемых $ таким образом : $id$salt$hashed .
Id описывает алгоритм хеширования:
$1$ это MD5,
$2a$ это Blowfish,
$2y$ это Blowfish,
$5$ это SHA-256,
$6$ это SHA-512,
salt — соль, подробнее : https://andreyex.ru/linux/kriptograficheskie-hesh-funktsii/\ hashed — выходное значение хеш функции
Далее 213 это дата последнего изменения пароля (в днях с 1 января 1970 )
Далее 3 минимально допустимое кол-во дней между сменами пароля
Далее 123 максимально допустимое кол-во дней между сменами пароля(через такое кол-во дней с момента установки пароля его необходимо обязательно сменить)
Далее 6 Кол-во дней, за которое пользователь получит предупреждение о смене пароля(см. предыдущий пункт)
Далее 8 Кол-во дней, в течение которых после истечения срока действия пароля учетная запись будет отключена.
Далее 17 Дата истечения срока действия учетной записи, выраженная в количестве дней с 1 января 1970 года.
Поправьте меня, если я где-то ошибся
Источники :
Manually generate password for /etc/shadow
I need to manually edit /etc/shadow to change the root password inside of a virtual machine image. Is there a command-line tool that takes a password and generates an /etc/shadow compatible password hash on standard out?
10 Answers 10
You can use following commands for the same:
Method 1 (md5, sha256, sha512)
openssl passwd -6 -salt xyz yourpass Note: passing -1 will generate an MD5 password, -5 a SHA256 and -6 SHA512 (recommended)
Method 2 (md5, sha256, sha512)
mkpasswd --method=SHA-512 --stdin The option —method accepts md5 , sha-256 and sha-512
Method 3 (des, md5, sha256, sha512)
As @tink suggested, we can update the password using chpasswd using:
echo "username:password" | chpasswd Or you can use the encrypted password with chpasswd . First generate it using this:
perl -e 'print crypt("YourPasswd", "salt", "sha512"),"\n"' Then later you can use the generated password to update /etc/shadow :
echo "username:encryptedPassWd" | chpasswd -e The encrypted password we can also use to create a new user with this password, for example:
useradd -p 'encryptedPassWd' username When using chpasswd -e , make sure to use single quotes on the string you echo in; otherwise, if there are $ or other special characters, they will not get treated literally.
Note that make of these will end up in your shell history. I would use openssl passwd -1 which 1) doesn’t end up there and 2) generates a random salt for you (which doesn’t end up in shell history, neither).
For a SHA-512 hash: python3 -c ‘import crypt; print(crypt.crypt(«test», crypt.mksalt(crypt.METHOD_SHA512)))’ — from related ServerFault question
Method 1) and 2) above uses MD5 for hashing. MD5 isn’t considered best practise anymore as there has been hash collisions. Use method 3) or the one described in unix.stackexchange.com/a/198906/10911.
On Ubuntu 12.04, there is mkpasswd (from the whois package): Overfeatured front end to crypt(3)
mkpasswd -m sha-512 -S saltsalt -s - -m = Compute the password using the TYPE method. If TYPE is help then the available methods are printed.
- -S = salt used.
$ mkpasswd -m help -s = Read password from stdin No matter what, generated passwords from mkpasswd copied into the /etc/passwd always fail. Is there a way to check if the hash created by mkpasswd is correct?
@To마SE: It is somtimes useful to control the salt. I have used it when testing hash generation of passwords for web app where I was storing the salt in a separate store. E.g. hashed password in MySQL DB, and per user salt in Redis.
This solution has the following benefits:
- Nothing additional to install
- Does not store the password in your shell history
- Generates a random salt for you
- Uses a modern, strong hashing algorithm, SHA-512
- Re-prompts for the password to avoid mistakes.
$ python3 -c "from getpass import getpass; from crypt import *; \ p=getpass(); print('\n'+crypt(p, METHOD_SHA512)) \ if p==getpass('Please repeat: ') else print('\nFailed repeating.')" References
None of the current methods are acceptable to me - They either pass the password on the command line (which ends up in my shell's history), require the installation of additional utilities ( python3 , makepasswd ), use hard-coded salts or use old hashing techniques.
This method would generate SHA-512 hashes after prompting for the password and would use a random salt.
A method utilising Python 2 without any non-standard libraries:
python2 -c 'import crypt, getpass,os,base64; print crypt.crypt(getpass.getpass(), "$6$"+base64.b64encode(os.urandom(16))+"$")' To do it without a prompt: (This will leave your password in the command history)
python2 -c 'import crypt, os,base64; print crypt.crypt("MyPassword", "$6$"+base64.b64encode(os.urandom(16))+"$")' To avoid leaving the password in the command history, you can set (for bash, at least) the environment variable HISTCONTROL to 'ignorespace', and then add a leading space in front of the command.
@adam820: That is one way. It would still it in the ps output in the fraction of a second that the command is running. (The safest remains to use the version that prompts for the password)
Also with the openssl command you don't have to use a hard-coded salt nor pass the password on the command line, try e.g. this variant: openssl passwd -6 -salt $(head -c18 /dev/urandom | openssl base64)
@maxschlepzig Just leaving the "-salt" option off seems to result in a random salt as well. mkpasswd has other options, like specifying the number of rounds as well. Python3's crypt.mksalt also allows those to be specified. (I had a use case where Python 3 was unavailable, which is why this answer exists)
@GertvandenBerg, the point is: the rationale in your first paragraph of your answer is incorrect. Counter example openssl : it doesn't require you to pass the password on the command line, it usually doesn't require the installation of additional utilities (i.e. which system doesn't have the openssl binary pre-installed but python ..) and it doesn't use hard-coded salts nor old hashing techniques.
For those without Debian based systems. Python3 works just as well.
python3 -c 'import crypt, getpass; print(crypt.crypt(getpass.getpass()))' getpass.getpass() will prompt you for a password on the command line.
For some reason, using crypt.mksalt does not work when generating passwords for /etc/shadow . But @Alex131089's method works!
Just wasted 1.5h trying this method, before I noticed the comment. Can somebody remove it? I can't downvote yet.
@MichałF it seems like this wasn't working because the salting wasn't done correctly. Thanks for pointing this out. I've removed the salt because the salting is dependent on OS and it's not practical to account for all ranges of OS in my answer. You should be using Method 1 outlined by @RahulPatil because it allows you to use salting and openssl is a pretty universal tool.
Yet another method to generate passwords, is using the openssl tool.
openssl passwd -1 -salt SaltSalt SecretPassword # output: $1$SaltSalt$FSYmvnuDuSP883uWgYBXW/ openssl passwd -crypt -salt XR SuprScrt # output: XR1dOp2EVMph2 How is this different from method 1 in Rahul Patil's answer? Note that the old DES-based password hashing algorithm definitely should not be used! For one thing, it only supports passwords of up to eight bytes, which is woefully inadequate these days.
Quoting Snowden: "Assume your adversary is capable of one trillion guesses per second." With a not totally unreasonable 70-characters charset and a fully random password, that's 576 seconds -- less than ten minutes. Even against a less capable but determined adversary, it is woefully inadequate.
Thanks for being the only answer showing how to encrypt DES passwords! Very useful for trying to override the root password for an IP camera firmware.
The openssl and chpasswd -e pair didn't work in my case in RHEL6. Combining openssl passwd and usermod -p command did the job.
Generate the hash value of the password along with the salt value:
$ openssl passwd -1 -salt 5RPVAd clear-text-passwd43 $1$5RPVAd$vgsoSANybLDepv2ETcUH7. Then, copy the encrypted string to usermod. Make sure to wrap it with single quotes.
$ usermod -p '$1$5RPVAd$vgsoSANybLDepv2ETcUH7.' root Check it out in shadow file.
$ grep root /etc/shadow root:$1$5RPVAd$vgsoSANybLDepv2ETcUH7.:17774:0:99999:7. Expanding a bit on the criticisms of u150825 and Gert van den Berg, I found myself needing something relatively flexible for different situations with different automation systems. I decided I would add to my own little library of useful scripts and write this. It uses only native libraries from python 2.7+, and works on python3 just as well.
You can pick it up here if you like. It's just as easy to drop this in your environment if you're needing to use it a lot, http hosted or whatever, and you can run it on any platform using whatever the default python interpreter you've got available to you is, pretty reliably counting on it working.
It defaults to prompting using getpass with prompts on stderr (allowing easy capture of stdout), but if you pipe a string to it it'll just reap from stdin. Depending on how you're going about this, it may not be showing up in command history, either, so just be cognizant of what it is you're working with. I like having a flexible tool that'll behave in an expected way, rather than having to rely on packages or python one-lining my way to victory 10 different ways.