Is there a command that I can enter to the console to create the encrypted version of my password as it is in /etc/shadow? The encryptions in my /etc/shadow start with $1$ and are 34 characters in length.
I know that
Code:
echo -n "password" | md5sum | cut -d ' ' -f 1
will create an md5sum hash, but when I entered my password there it didn't come out to be the same. My question is: is there a command like above that can recreate the encrypted version of my password as it looks in /etc/shadow?
To answer this you need to know about "salted" secure hashing algorithms. From www.securitytechnique.com:
To avoid the dictionary attack, modern systems will prepend a "random salt" to a password before applying the hash function. The salt is stored, unencrypted in the password database along with the salted and hashed password.
The password generation process using salted hashes looks like this:
1. Prompt the user for a password.
2. Generate a random salt (i.e.- a random string of bits.)
3. Prepend the salt to the password.
4. Hash the salted password.
5. Store the salt and the salted password in the password database.
The process of checking the password is now:
1. Retrieve the user's salt from the password database.
2. Prompt the user for a password.
3. Append the password to the salt.
4. Hash the salted password.
5. Compare the result from step 4 with the salted password in the password database.
The purpose of the salt is to increase the number of "dictionary entries" for each password. When storing a non-salted hashed password, an attacker would only have to pre-calculate one hashed password for each password to populate his dictionary. With salted passwords, the attacker would have to create a dictionary entry for each pair of salt values and common words.
Boston Tech
Last edited by bostontech; 12-12-2004 at 10:50 AM.
student04 You should read a modern man page for crypt(3) for a good understanding of how the passwords in shadow are stored.
bostontech You should read a modern man page for crypt(3) as your explanation doesn't cover md5/blowfish, and it's not really correct anyway. Figuring out the salt isn't too terribly difficult since it is (and always has been) stored in plaintext in the password/shadow file with the crypted string.
To answer the question, you have to have the salt out of the password file. So, let's assume you do. Let's say the password field out of shadow is
Code:
$1$R.bKJ.24$p4exiX8dbFK9.
Ok, so this is an md5 crypted password, and the salt is R.bKJ.24 (the dollar signs are separators). The rest of the stuff is the crypted password. So ... Let's try this.
Code:
Escaped for tcsh, so you may have to adjust it for bash
perl -e 'print("\$1\$R.bKJ.24\$" . crypt("\$1\$R.bKJ.24\$", "p455w0rd" ) . "\n");'
The post was to really just let the user know why the entries in /etc/shadow look that way, and an intro to the concept of using salted values. If you really want to understand the concept you need to learn about it first and not just give someone the answer. Remember the saying "Give a man a fish and he eats for one day, but teach a man to fish and he'll eat for a lifetime".
My encryption has a longer string stored in /etc/shadow, so something has to be adjusted. I will read the link you posted and see what I can come up with.
I know this is an old topic, but since it was left open-ended I thought I could put in the right info.
The crypt function takes the first argument as the password and the second as the salt,
so it should have been
Code:
perl -e 'print("\$1\$jVPltO5Q\$" . crypt("password", "\$1\$jVPltO5Q\$") . "\n");'
whose output is "$1$jVPltO5Q$$1$jVPltO5Q$HLsCM3KAPrvqfLrwVoUEr."
It matches the shadow file entry shared by "student04".
I found this thread useful and it pointed in the right direction, but specifically I was trying to update accounts on multiple servers without sending the password (only sending the hash).
The steps are:
Generate an SHA512 password hash usable as a password hash by login
Set the "youruserid" user password to be that hash using the chpasswd command.
Assumptions:
Machine on which you generate has Perl and OpenSSL installed
Destination Machine has chpasswd
This will prompt you for a password without echoing it to the screen or putting it into your history file and store it. The -e option tells chpasswd you have already encrypted/hashed the password.
This script file (entitled createpass.sh for this exercise)
Code:
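#!/bin/bash
# Create an SHA512 binary password hash using a randomly generated 16 character salt
#
# This hash can be used to change the user password using the command:
# echo "youruserid:$(source createpass.sh)" | sudo chpasswd -e
#
# -s suppresses echo; -r keeps backslashes in the typed password literal.
read -r -s -p "Password: " _password
# Keep only characters valid in a crypt salt; the pattern is quoted so the shell cannot glob-expand it.
export _salt=$(openssl rand 1000 | strings | grep -io '[0-9A-Za-z./]' | head -n 16 | tr -d '\n')
# Hand the password to perl through the environment rather than the command line.
export _password="$_password"
perl -e 'print crypt($ENV{_password}, "\$6\$" . $ENV{_salt} . "\$"), "\n"'
unset _password
unset _salt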