Skip to content

KALI Linux – How to find the HASHING algorithm – The Visual Guide


The default hashing algorithm for /etc/shadow files is SHA512 in Kali Linux.  Here’s the coding which relates “SHA512” to $6$.kali hash $6 code

Step 1 – View your /etc/shadow file

cat /etc/shadow

hash id shadow fileIs there a $6 ?  Thought so, as SHA512 is default for Kali.


Step 2 – Codes for other Hashing Algorithms

You can hash the passwords in several algorithms.  These are revealed in the  /etc/shadow file – for instance here we consider a $1 – which indicates MD5 hashing has been used.

$1   $Etg2ExUZ$F9NTP7omafhKIlqaBMqng1

md5 The different hashes revealed in the /etc/shadow file include:

$0 = DES

$1 = MD5 Hashing

$2 = Blowfish

$2A = eksblowfish

$5 = SHA256

$6 = SHA512


Field 2 format =  3 components

$Hashing Algorithm $ SALT  $ Encoded password (includes the SALT).

eg: $1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1


  • The encoded password is using MD5 hashing algorithm (because the of $1$)
  • Salt value is Etg2ExUZ (the content between the second and third $ sign)
  • And the hash value of “PASSWORD + SALT”.


What is the SALT?

If there is no salt, a plain dictionary attack could identify the password from the hash. If a salt value is in use,  then 2 users with the same passwords will have different hashes.  A random salt is generated when the password is being set.. therefore 2 users with the same password will have totally different salts, and totally different encrypted passwords.


Order of the /etc/shadow file – Useful to know

/etc/shadow” contains the following.


As explained in shadow(5), each “:” separated entry of this file means the following.

  • Login name
  • Encrypted password (The initial “$1$” indicates use of the MD5 encryption. The “*” indicates no login.)
  • Date of the last password change, expressed as the number of days since Jan 1, 1970
  • Number of days the user will have to wait before she will be allowed to change her password again
  • Number of days after which the user will have to change her password
  • Number of days before a password is going to expire during which the user should be warned
  • Number of days after a password has expired during which the password should still be accepted
  • Date of expiration of the account, expressed as the number of days since Jan 1, 1970




Code for SHA512

Debian Linux – Authentication


How are passwords stored in Linux?


KALI – First things to do after installing Kali Debian Linux – The Visual Guide

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: