KALI Linux – How to find the HASHING algorithm – The Visual Guide
In Kali Linux, the default hashing algorithm for passwords in /etc/shadow is SHA512. Here is how the code $6$ relates to “SHA512”.
Step 1 – View your /etc/shadow file
Step 2 – Codes for other Hashing Algorithms
Passwords can be hashed with several algorithms. The algorithm in use is revealed in the /etc/shadow file – for instance, here we consider $1, which indicates that MD5 hashing has been used.
$0 = DES
$1 = MD5 Hashing
$2 = Blowfish
$2A = eksblowfish
$5 = SHA256
$6 = SHA512
Field 2 format = 3 components
$Hashing Algorithm $ SALT $ Encoded password (includes the SALT).
- The encoded password uses the MD5 hashing algorithm (because of the $1$)
- Salt value is Etg2ExUZ (the content between the second and third $ sign)
- And the hash value of “PASSWORD + SALT”.
What is the SALT?
If there is no salt, a plain dictionary attack could identify the password from the hash. If a salt value is in use, then 2 users with the same password will have different hashes. A random salt is generated when the password is being set. Therefore 2 users with the same password will have totally different salts, and totally different encrypted passwords.
Order of the /etc/shadow file – Useful to know
“/etc/shadow” contains the following.
...
user1:$1$Xop0FYH9$IfxyQwBe9b8tiyIkt2P4F/:13262:0:99999:7:::
user2:$1$vXGZLVbS$ElyErNf/agUDsm1DehJMS/:13261:0:99999:7:::
...
As explained in shadow(5), each “:” separated entry of this file means the following.
- Login name
- Encrypted password (The initial “$1$” indicates use of the MD5 encryption. The “*” indicates no login.)
- Date of the last password change, expressed as the number of days since Jan 1, 1970
- Number of days the user will have to wait before she will be allowed to change her password again
- Number of days after which the user will have to change her password
- Number of days before a password is going to expire during which the user should be warned
- Number of days after a password has expired during which the password should still be accepted
- Date of expiration of the account, expressed as the number of days since Jan 1, 1970
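The field layout and the $id$salt$hash format described above can be checked with a short parser. This is an added example, not code from the original guide: the function names, the WEAK set and the last two sample lines are assumptions made for illustration, and the handling of a "rounds=" parameter and of locked entries goes beyond the cases shown in the text.

```python
from datetime import date, timedelta

# Prefix codes as listed in the table above ("2a" is matched case-insensitively).
ALGORITHMS = {"1": "MD5", "2": "Blowfish", "2a": "eksblowfish",
              "5": "SHA256", "6": "SHA512"}
WEAK = {"MD5"}  # assumption for this example: MD5 entries are flagged for reset

# The two entries shown above, plus two constructed lines (not real accounts).
SAMPLE = [
    "user1:$1$Xop0FYH9$IfxyQwBe9b8tiyIkt2P4F/:13262:0:99999:7:::",
    "user2:$1$vXGZLVbS$ElyErNf/agUDsm1DehJMS/:13261:0:99999:7:::",
    "svc:$6$rounds=5000$ConstructedSalt$ConstructedDigest:19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
]

def parse_hash_field(field):
    """Split field 2 into (algorithm, salt, digest); None if no hash is set."""
    if not field.startswith("$"):
        return None                      # "*", "!", empty, or "!"-locked hash
    parts = field.split("$")[1:]         # drop the empty string before the first $
    if len(parts) >= 2 and parts[1].startswith("rounds="):
        del parts[1]                     # optional SHA256/SHA512 cost parameter
    if len(parts) != 3:
        raise ValueError("unexpected hash field layout: %r" % field)
    algo_id, salt, digest = parts
    return ALGORITHMS.get(algo_id.lower(), "unknown"), salt, digest

def parse_shadow_line(line):
    """Decode one /etc/shadow entry into the fields an audit cares about."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:                 # 8 fields listed above + 1 reserved
        raise ValueError("expected 9 fields, got %d" % len(fields))
    parsed = parse_hash_field(fields[1])
    algorithm, salt = (parsed[0], parsed[1]) if parsed else (None, None)
    changed = (date(1970, 1, 1) + timedelta(days=int(fields[2]))
               if fields[2] else None)
    return {"login": fields[0], "algorithm": algorithm, "salt": salt,
            "last_change": changed, "weak": algorithm in WEAK}

def audit(lines):
    """Return logins whose password hash uses an algorithm in WEAK."""
    return [e["login"] for e in map(parse_shadow_line, lines) if e["weak"]]

if __name__ == "__main__":
    for entry in map(parse_shadow_line, SAMPLE):
        print(entry)
    print("weak:", audit(SAMPLE))
```

On a live system the same functions can be fed the lines of /etc/shadow, which requires root to read.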
Code for SHA512