Where is my password stored on Linux?

  • Is there a specific location where the passwords are stored ?

    Is it depending on which version is used ?

    Are they salted ?

  • Correct answer

    8 years ago

    Linux passwords are stored in the /etc/shadow file. They are salted and the algorithm being used depends on the particular distribution and is configurable.

    From what I recall, the algorithms supported are MD5, Blowfish, SHA256 and SHA512. Most recent distributions should be on SHA512 by default if my memory serves me right.

    It's important to note that while the `crypt` documentation refers to `MD5`, `SHA256`, `SHA512` that they are not one application of the simple cryptographic hash function, but it uses http://en.wikipedia.org/wiki/Crypt_(C) which generally provide 1000 (MD5) to default of 5000 rounds of the cryptographic hash function.

    @drjimbob Ah yes, should have mentioned that. :)

    @drjimbob, Is this 5000 rounds of applying the same hash function to reduce the likelihood of a collision? It seems that repetitively applying the same hash function would only increase the amount of time it would take an attacker to brute force the hash rather than actually increasing the security of how the system handles passwords.

    @sherrellbc - The 5000 rounds is to simply slow down brute force attacks by a factor of roughly 5000. See: https://en.wikipedia.org/wiki/Key_stretching The chance of salt+pw collision is extremely small -- there's an 8 character long base64 salt (64^8 ~ 2.8 x 10^14 different salts). So its quite unlikely two people would have both the same salt and password. Getting the hashes to collide by chance is negligible; if you used a billion computers each generating a trillion hashes per second, it would take over a billion years before it's likely for one pair of collisions with 256 bit hashes.

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM