Hash

De Linuxmemo.

Version du 16 février 2018 à 10:14

Ubuntu password storage

$1 = MD5 hashing algorithm.
$2 =Blowfish Algorithm is in use.
$2a=eksblowfish Algorithm
$5 =SHA-256 Algorithm
$6 =SHA-512 Algorithm

https://en.wikipedia.org/wiki/Crypt_(C)

$5$salt$encrypted is an SHA-256 encoded password.
$6$salt$encrypted is an SHA-512 encoded one.

How to generate a shadow style password hash?

[root@localhost ~]# openssl passwd -1 redhat123
$1$jp5rCMS4$mhvf4utonDubW5M00z0Ow0

sha1pass - Create a SHA1 password hash
sha1pass [PASSWORD] [SALT]

Format

http://openwall.info/wiki/john/hash-formats

<hash> When only the hash is present, JtR will output ”?” as the username when showing and or cracking.
<username>:<hash> (This is a basic/generic format)
<useruame>:<hash>:<uid>:<gid>:<GECOS>:<directory>:<shell> (This is a typical *nix “unshadowed” format)
<username>:<uid>:<LM-hash>:<NTLM-hash>:<comment>:<homedir>: (This is a PWDump Format)

???

MD5    hashed password using the MD5 hash algorithm
SMD5   MD5 with salt
SHA    hashed password using the SHA-1 hash algorithm
SSHA   SHA-1 with salt

Outils

• online

http://www.lorem-ipsum.co.uk/hasher.php

• commande

mkpasswd --method=help
Méthodes disponibles :
des	standard 56 bit DES-based crypt(3)
md5	MD5
sha-256	SHA-256
sha-512	SHA-512
mkpasswd --method=sha-512 --salt=ilgneZZz MotDePass
$6$ilgneZZz$3F0CFqdnusWgqidMGk0.7n7nGjjSyDLUXnY3/qYWKYlOhygJx05JuxmK6xTrCgeBP/CLZYOZ3F2Jc5TZ9w.XJ/

If you don't provide mkpasswd with a salt it will automatically generate a random salt.

Astuces

• comparer 2 hash

if [ "$hash1" = "$hash2" ]; then echo same; fi

Voir hashid