Shadow password

**v.cecchetto** · July 4th, 2008

During login you enter your username and your password.

Assume for example your name is:

goofy

and your password is:

pippo

In old unix system these information are stored togheter in:

/etc/passwd

goofy : pippo : other_information

Nowdays if you look in this file you cannot see your password stored after the username, instead you find an x char.

goofy : x : other_information

The password, for security reason is in another file:

/etc/shadow

goofy : $1$QIGCa$/ruJs8AvmrknzKTzM2TYE. : other_information

Naturally the password is stored not in clear text but is the 'hash' of the real password string.

Password: pippo

Hash-Password: $1$QIGCa$/ruJs8AvmrknzKTzM2TYE.

http://en.wikipedia.org/wiki/Hash_function

The algorithm used to hash the password is the md5.

http://en.wikipedia.org/wiki/MD5

But this is not the end of the story.

If you try some program to calculate hash of a string an you put in input your password you don't find as result the desired hash_password string used in the file shadow.

Why?

Because in shadow is used a particular md5-salted version of the md5 algorithm.

http://en.wikipedia.org/wiki/Salt_%28cryptography%29

To summarize, to generate the string that you find in the shadow file you need two things:

- your password
- the salt string

But i never used a salt string during my login?

Correct, but the string was the same generated by the system and is used every time you login.

Where i can find this salt string?

In the shadow file!

I describe the different part of the string and their different meaning.

You can divide the string in four parts

$1$ - QIGCa - $ - /ruJs8AvmrknzKTzM2TYE.

1. $1$ > is a special string meaning that the md5 algorithm is used
2. QIGCa > is the desired salt
3. $ > works like a space, a separation char
4. /ruJs8AvmrknzKTzM2TYE. > is the hash of the password+salt

Why a salt?

Bacause rainbow table can help you in find clear password from hash-version of the password:

http://en.wikipedia.org/wiki/Rainbow_table

How can i generate all the $1$QIGCa$/ruJs8AvmrknzKTzM2TYE. string?

I show you two way:

First:

openssl passwd -1 -salt QIGCa pippo

perl -e 'print crypt("pippo", "\$1\$QIGCa"),"\n"'

Hope i help someone!

**jojocat** · May 7th, 2009

Excellent!! Exactly what I needed...thanks so much.

**harrybazeegar** · July 9th, 2009

pretty cool intro to password system

thanks!

**Sergiu Bivol** · August 21st, 2009

Thank you! Exactly what I was looking for.

**maxoud** · July 7th, 2011

Great job, dude! I was in trouble, but I'm not there already!
Thanks a lot you for sharing your experience, this superb forum for connecting people and Google for help to find useful stuff!

**geazzy** · July 7th, 2011

wow great job

**chinmaya_n** · July 10th, 2011

Hi,

I'm using Ubuntu 11.04.
This is the string in /etc/shadow for user1 :

Code:

user1:$6$VktFMBNd$kUQHa7kXnNoaigIsjIqqMYiHIe2YDHxV.advXV98H7Y./zSYKSNoBPg986KW/Iw56hY0dLKz1eXObRBndFytF1:15143:0:99999:7:::

$6 ==> this means is it using some other algorithm (not MD5 ) ??
and
$6 - $ - VktFMBNd$kUQHa7kXnNoaigIsjIqqMYiHIe2YDHxV.advXV98H 7Y./zSYKSNoBPg986KW/Iw56hY0dLKz1eXObRBndFytF1
I could not match with the one specified in the first post.

**Dangertux** · July 10th, 2011

$6$ is SHA-512.

**bulldozer2003** · December 22nd, 2011

What is the point of the salt if it is stored in plain text?

Please correct my assumptions:

you use a rainbow table to hasten the goal of matching a hash to its plaintext
you need to already have the hashed password
if you have the hashed password, you likely have the shadow file, which means you have the salt
you can just integrate the salt when making your rainbow table

**HAPiRat** · March 20th, 2012

Bulldozer assumes:
1. you use a rainbow table to hasten the goal of matching a hash to its plaintextTrue - in general. But you won't use rainbow tables with a salted password. See #4.

2. you need to already have the hashed password
I think you mean you can see the user's hashed password. Kinda'. To be precise, you'll need the hash of the *combined* salt plus password.

3. if you have the hashed password, you likely have the shadow file, which means you have the salt
True, you will have the salt (assuming you're cracking UNIX-like shadow file).

4. you can just integrate the salt when making your rainbow table
True-ish. You will use the salt combined with wordlists/character-strings to generate all possible hashes, but you almost certainly will *not* save that as a rainbow table.

Why not? Because that rainbow table would only ever be useful if you found another password with the exact same salt. Not likely! You'd need to create millions of fully populated rainbow tables. Yikes.

So what you'd really do is combine the one salt you found, with all words and combinations in your list, to try and crack that one password one time.

So cracking the one salt/password combination is still possible, due to the salt being in plain text. It's true. Brute force/dictionary attacks are aided by attackers knowing the salt. Unfortunately. But the tradeoff is that rainbow table attacks become impractical.

Wikipedia on "salt(cryptography)":
A simple dictionary attack is still very possible, although much slower since it cannot be precomputed.