Lesson 12

Date: 6/25/2017

Linux Password Security

Linux System Administration

Linux passwords

On a local system, passwords are stored infile /etc/shadow:

mike:$6$A0NKorlZ$l3YhLlm/Y1n2BW0YBiryNl5cS6vx5k.4j4LE/vb5FUOnD.uVXkiUA1kPSHLo5/6q5MzEJTal1OY1OiE4ReSpK0:17317:0:99999:7:::

The second field consits of 3 parts: the hashing algorithm, $6$ , the salt $A0NKorlZ$ , and the hashing function, crypt, value of (password,salt) parameters, l3YhLlm/Y1n2BW0YBiryNl5cS6vx5k.4j4LE/vb5FUOnD.uVXkiUA1kPSHLo5/6q5MzEJTal1OY1OiE4ReSpK0

The password hash is generated by function crypt. From the output of man crypt we see the hash structure components:

       If  salt is a character string starting with the characters "$id$" followed by a string terminated by "$":

              $id$salt$encrypted

       then instead of using the DES machine,  id  identifies  the  encryption
       method  used  and  this  then  determines  how the rest of the password
       string is interpreted.  The following values of id are supported:

              ID  | Method
              -----------------------------------------------------
              1   | MD5
              2a  | Blowfish (not in mainline glibc; added in some
                  | Linux distributions)
              5   | SHA-256 (since glibc 2.7)
              6   | SHA-512 (since glibc 2.7)

       So   $5$salt$encrypted   is   an   SHA-256   encoded    password    and
       $6$salt$encrypted is an SHA-512 encoded one.

Vectors of attack
Passwords
MD5 and SHA512
Exercise: mkpasswd
Exercise: different encryptions
Exercise: password cracking
PAM
Exercise: password policies.
Exercise: two-factor authentication
References
Take me to the Course Website