During login you enter your username and your password.
Assume for example your name is:
and your password is:
In old unix system these information are stored togheter in:
goofy : pippo : other_information
Nowdays if you look in this file you cannot see your password stored after the username, instead you find an x char.
goofy : x : other_information
The password, for security reason is in another file:
goofy : $1$QIGCa$/ruJs8AvmrknzKTzM2TYE. : other_information
Naturally the password is stored not in clear text but is the 'hash' of the real password string.
The algorithm used to hash the password is the md5.
But this is not the end of the story.
If you try some program to calculate hash of a string an you put in input your password you don't find as result the desired hash_password string used in the file shadow.
Because in shadow is used a particular md5-salted version of the md5 algorithm.
To summarize, to generate the string that you find in the shadow file you need two things:
- your password
- the salt string
But i never used a salt string during my login?
Correct, but the string was the same generated by the system and is used every time you login.
Where i can find this salt string?
In the shadow file!
I describe the different part of the string and their different meaning.
You can divide the string in four parts
$1$ - QIGCa - $ - /ruJs8AvmrknzKTzM2TYE.
1. $1$ > is a special string meaning that the md5 algorithm is used
2. QIGCa > is the desired salt
3. $ > works like a space, a separation char
4. /ruJs8AvmrknzKTzM2TYE. > is the hash of the password+salt
Why a salt?
Bacause rainbow table can help you in find clear password from hash-version of the password:
How can i generate all the $1$QIGCa$/ruJs8AvmrknzKTzM2TYE. string?
I show you two way:
openssl passwd -1 -salt QIGCa pippo
perl -e 'print crypt("pippo", "\$1\$QIGCa"),"\n"'
Hope i help someone!