Skip to content

KALI Linux – How to find the HASHING algorithm – The Visual Guide

23/07/2014

The default hashing algorithm for /etc/shadow files is SHA512 in Kali Linux.  Here’s the coding which relates “SHA512” to $6$.kali hash $6 code

Step 1 – View your /etc/shadow file

cat /etc/shadow

hash id shadow fileIs there a $6 ?  Thought so, as SHA512 is default for Kali.

****

Step 2 – Codes for other Hashing Algorithms

You can hash the passwords in several algorithms.  These are revealed in the  /etc/shadow file – for instance here we consider a $1 – which indicates MD5 hashing has been used.

$1   $Etg2ExUZ$F9NTP7omafhKIlqaBMqng1

md5 The different hashes revealed in the /etc/shadow file include:

$0 = DES

$1 = MD5 Hashing

$2 = Blowfish

$2A = eksblowfish

$5 = SHA256

$6 = SHA512

******

Field 2 format =  3 components

$Hashing Algorithm $ SALT  $ Encoded password (includes the SALT).

eg: $1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1

md5

  • The encoded password is using MD5 hashing algorithm (because the of $1$)
  • Salt value is Etg2ExUZ (the content between the second and third $ sign)
  • And the hash value of “PASSWORD + SALT”.

******

What is the SALT?

If there is no salt, a plain dictionary attack could identify the password from the hash. If a salt value is in use,  then 2 users with the same passwords will have different hashes.  A random salt is generated when the password is being set.. therefore 2 users with the same password will have totally different salts, and totally different encrypted passwords.

*****

Order of the /etc/shadow file – Useful to know

/etc/shadow” contains the following.

 ...
user1:$1$Xop0FYH9$IfxyQwBe9b8tiyIkt2P4F/:13262:0:99999:7:::
user2:$1$vXGZLVbS$ElyErNf/agUDsm1DehJMS/:13261:0:99999:7:::
 ...

As explained in shadow(5), each “:” separated entry of this file means the following.

  • Login name
  • Encrypted password (The initial “$1$” indicates use of the MD5 encryption. The “*” indicates no login.)
  • Date of the last password change, expressed as the number of days since Jan 1, 1970
  • Number of days the user will have to wait before she will be allowed to change her password again
  • Number of days after which the user will have to change her password
  • Number of days before a password is going to expire during which the user should be warned
  • Number of days after a password has expired during which the password should still be accepted
  • Date of expiration of the account, expressed as the number of days since Jan 1, 1970

 

 

References:

Code for SHA512

https://github.com/lattera/glibc/blob/master/crypt/sha512-crypt.c

Debian Linux – Authentication

http://www.debian.org/doc/manuals/debian-reference/ch04.en.html

 

How are passwords stored in Linux?

http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils

 

KALI – First things to do after installing Kali Debian Linux – The Visual Guide

https://uwnthesis.wordpress.com/2014/07/20/kali-first-things-to-do-after-installing-kali-debian-linux-the-visual-guide/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: