How to find the hashing algorithm used to obfuscate passwords?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
8
down vote

favorite












I have the working password and can see the hash (/etc/passwd). How do I find the hashing algorithm used to hash the password, without manually trying different algorithms until I find a match?







share|improve this question


















  • 4




    man 5 passwd ? man 5 shadow ?
    – Archemar
    Mar 14 at 10:49






  • 1




    What Unix variant are you using?
    – Kusalananda
    Mar 14 at 10:59






  • 3




    I'm very surprised you can see a hash in /etc/passwd. I thought all Unix/Linux variants had moved to a split with /etc/shadow years ago. (I know such systems still support hashes in passwd but I know of no utilities that put them there any more. An embedded system, perhaps?
    – roaima
    Mar 14 at 11:02







  • 12




    Hashing isn't used to encrypt passwords. Hashing is used to hash passwords. No the same thing.
    – user207421
    Mar 14 at 16:08






  • 1




    @MontyHarder That's even worse, because it still implies that all the information of the password is still contained in the hash. That's not the case. A hash is irreversible.
    – Bakuriu
    Mar 14 at 20:16














up vote
8
down vote

favorite












I have the working password and can see the hash (/etc/passwd). How do I find the hashing algorithm used to hash the password, without manually trying different algorithms until I find a match?







share|improve this question


















  • 4




    man 5 passwd ? man 5 shadow ?
    – Archemar
    Mar 14 at 10:49






  • 1




    What Unix variant are you using?
    – Kusalananda
    Mar 14 at 10:59






  • 3




    I'm very surprised you can see a hash in /etc/passwd. I thought all Unix/Linux variants had moved to a split with /etc/shadow years ago. (I know such systems still support hashes in passwd but I know of no utilities that put them there any more. An embedded system, perhaps?
    – roaima
    Mar 14 at 11:02







  • 12




    Hashing isn't used to encrypt passwords. Hashing is used to hash passwords. No the same thing.
    – user207421
    Mar 14 at 16:08






  • 1




    @MontyHarder That's even worse, because it still implies that all the information of the password is still contained in the hash. That's not the case. A hash is irreversible.
    – Bakuriu
    Mar 14 at 20:16












up vote
8
down vote

favorite









up vote
8
down vote

favorite











I have the working password and can see the hash (/etc/passwd). How do I find the hashing algorithm used to hash the password, without manually trying different algorithms until I find a match?







share|improve this question














I have the working password and can see the hash (/etc/passwd). How do I find the hashing algorithm used to hash the password, without manually trying different algorithms until I find a match?









share|improve this question













share|improve this question




share|improve this question








edited Apr 17 at 13:20









Stephen Kitt

141k22307367




141k22307367










asked Mar 14 at 10:44









Dorin Botan

507




507







  • 4




    man 5 passwd ? man 5 shadow ?
    – Archemar
    Mar 14 at 10:49






  • 1




    What Unix variant are you using?
    – Kusalananda
    Mar 14 at 10:59






  • 3




    I'm very surprised you can see a hash in /etc/passwd. I thought all Unix/Linux variants had moved to a split with /etc/shadow years ago. (I know such systems still support hashes in passwd but I know of no utilities that put them there any more. An embedded system, perhaps?
    – roaima
    Mar 14 at 11:02







  • 12




    Hashing isn't used to encrypt passwords. Hashing is used to hash passwords. No the same thing.
    – user207421
    Mar 14 at 16:08






  • 1




    @MontyHarder That's even worse, because it still implies that all the information of the password is still contained in the hash. That's not the case. A hash is irreversible.
    – Bakuriu
    Mar 14 at 20:16












  • 4




    man 5 passwd ? man 5 shadow ?
    – Archemar
    Mar 14 at 10:49






  • 1




    What Unix variant are you using?
    – Kusalananda
    Mar 14 at 10:59






  • 3




    I'm very surprised you can see a hash in /etc/passwd. I thought all Unix/Linux variants had moved to a split with /etc/shadow years ago. (I know such systems still support hashes in passwd but I know of no utilities that put them there any more. An embedded system, perhaps?
    – roaima
    Mar 14 at 11:02







  • 12




    Hashing isn't used to encrypt passwords. Hashing is used to hash passwords. No the same thing.
    – user207421
    Mar 14 at 16:08






  • 1




    @MontyHarder That's even worse, because it still implies that all the information of the password is still contained in the hash. That's not the case. A hash is irreversible.
    – Bakuriu
    Mar 14 at 20:16







4




4




man 5 passwd ? man 5 shadow ?
– Archemar
Mar 14 at 10:49




man 5 passwd ? man 5 shadow ?
– Archemar
Mar 14 at 10:49




1




1




What Unix variant are you using?
– Kusalananda
Mar 14 at 10:59




What Unix variant are you using?
– Kusalananda
Mar 14 at 10:59




3




3




I'm very surprised you can see a hash in /etc/passwd. I thought all Unix/Linux variants had moved to a split with /etc/shadow years ago. (I know such systems still support hashes in passwd but I know of no utilities that put them there any more. An embedded system, perhaps?
– roaima
Mar 14 at 11:02





I'm very surprised you can see a hash in /etc/passwd. I thought all Unix/Linux variants had moved to a split with /etc/shadow years ago. (I know such systems still support hashes in passwd but I know of no utilities that put them there any more. An embedded system, perhaps?
– roaima
Mar 14 at 11:02





12




12




Hashing isn't used to encrypt passwords. Hashing is used to hash passwords. No the same thing.
– user207421
Mar 14 at 16:08




Hashing isn't used to encrypt passwords. Hashing is used to hash passwords. No the same thing.
– user207421
Mar 14 at 16:08




1




1




@MontyHarder That's even worse, because it still implies that all the information of the password is still contained in the hash. That's not the case. A hash is irreversible.
– Bakuriu
Mar 14 at 20:16




@MontyHarder That's even worse, because it still implies that all the information of the password is still contained in the hash. That's not the case. A hash is irreversible.
– Bakuriu
Mar 14 at 20:16










1 Answer
1






active

oldest

votes

















up vote
22
down vote



accepted










This is documented in crypt(3)’s manpage, which you can find via shadow(5)’s manpage, or passwd(5)’s. Those links are appropriate for modern Linux-based systems; the description there is:




If salt is a character string starting with the characters "$id$"
followed by a string optionally terminated by "$", then the result
has the form:



$id$salt$encrypted


id identifies the encryption method used instead of DES and this then
determines how the rest of the password string is interpreted. The
following values of id are supported:



ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)



So if a hashed password is stored in the above format, you can find the algorithm used by looking at the id; otherwise it’s crypt’s default DES algorithm.



Other platforms support other algorithms, so check the crypt manpage there. For example, OpenBSD’s crypt(3) supports DES (which is the default since Unix V7) and Blowfish, which it identifies using the id “2b”.






share|improve this answer






















  • See passlib.readthedocs.io/en/stable/modular_crypt_format.html for more
    – Stéphane Chazelas
    Mar 14 at 17:15






  • 1




    DES based passwords are BTW always 13 characters long and consist of alphanumerical characters as well as . and /. The first 2 characters is the salt and the other 11 is a hash value (sort of). And it is the only one of the algorithms supported by crypt which is so weak that you cannot compensate for it by choosing a stronger password.
    – kasperd
    Mar 15 at 0:11










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f430141%2fhow-to-find-the-hashing-algorithm-used-to-obfuscate-passwords%23new-answer', 'question_page');

);

Post as a guest






























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
22
down vote



accepted










This is documented in crypt(3)’s manpage, which you can find via shadow(5)’s manpage, or passwd(5)’s. Those links are appropriate for modern Linux-based systems; the description there is:




If salt is a character string starting with the characters "$id$"
followed by a string optionally terminated by "$", then the result
has the form:



$id$salt$encrypted


id identifies the encryption method used instead of DES and this then
determines how the rest of the password string is interpreted. The
following values of id are supported:



ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)



So if a hashed password is stored in the above format, you can find the algorithm used by looking at the id; otherwise it’s crypt’s default DES algorithm.



Other platforms support other algorithms, so check the crypt manpage there. For example, OpenBSD’s crypt(3) supports DES (which is the default since Unix V7) and Blowfish, which it identifies using the id “2b”.






share|improve this answer






















  • See passlib.readthedocs.io/en/stable/modular_crypt_format.html for more
    – Stéphane Chazelas
    Mar 14 at 17:15






  • 1




    DES based passwords are BTW always 13 characters long and consist of alphanumerical characters as well as . and /. The first 2 characters is the salt and the other 11 is a hash value (sort of). And it is the only one of the algorithms supported by crypt which is so weak that you cannot compensate for it by choosing a stronger password.
    – kasperd
    Mar 15 at 0:11














up vote
22
down vote



accepted










This is documented in crypt(3)’s manpage, which you can find via shadow(5)’s manpage, or passwd(5)’s. Those links are appropriate for modern Linux-based systems; the description there is:




If salt is a character string starting with the characters "$id$"
followed by a string optionally terminated by "$", then the result
has the form:



$id$salt$encrypted


id identifies the encryption method used instead of DES and this then
determines how the rest of the password string is interpreted. The
following values of id are supported:



ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)



So if a hashed password is stored in the above format, you can find the algorithm used by looking at the id; otherwise it’s crypt’s default DES algorithm.



Other platforms support other algorithms, so check the crypt manpage there. For example, OpenBSD’s crypt(3) supports DES (which is the default since Unix V7) and Blowfish, which it identifies using the id “2b”.






share|improve this answer






















  • See passlib.readthedocs.io/en/stable/modular_crypt_format.html for more
    – Stéphane Chazelas
    Mar 14 at 17:15






  • 1




    DES based passwords are BTW always 13 characters long and consist of alphanumerical characters as well as . and /. The first 2 characters is the salt and the other 11 is a hash value (sort of). And it is the only one of the algorithms supported by crypt which is so weak that you cannot compensate for it by choosing a stronger password.
    – kasperd
    Mar 15 at 0:11












up vote
22
down vote



accepted







up vote
22
down vote



accepted






This is documented in crypt(3)’s manpage, which you can find via shadow(5)’s manpage, or passwd(5)’s. Those links are appropriate for modern Linux-based systems; the description there is:




If salt is a character string starting with the characters "$id$"
followed by a string optionally terminated by "$", then the result
has the form:



$id$salt$encrypted


id identifies the encryption method used instead of DES and this then
determines how the rest of the password string is interpreted. The
following values of id are supported:



ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)



So if a hashed password is stored in the above format, you can find the algorithm used by looking at the id; otherwise it’s crypt’s default DES algorithm.



Other platforms support other algorithms, so check the crypt manpage there. For example, OpenBSD’s crypt(3) supports DES (which is the default since Unix V7) and Blowfish, which it identifies using the id “2b”.






share|improve this answer














This is documented in crypt(3)’s manpage, which you can find via shadow(5)’s manpage, or passwd(5)’s. Those links are appropriate for modern Linux-based systems; the description there is:




If salt is a character string starting with the characters "$id$"
followed by a string optionally terminated by "$", then the result
has the form:



$id$salt$encrypted


id identifies the encryption method used instead of DES and this then
determines how the rest of the password string is interpreted. The
following values of id are supported:



ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)



So if a hashed password is stored in the above format, you can find the algorithm used by looking at the id; otherwise it’s crypt’s default DES algorithm.



Other platforms support other algorithms, so check the crypt manpage there. For example, OpenBSD’s crypt(3) supports DES (which is the default since Unix V7) and Blowfish, which it identifies using the id “2b”.







share|improve this answer














share|improve this answer



share|improve this answer








edited Mar 14 at 11:12

























answered Mar 14 at 10:57









Stephen Kitt

141k22307367




141k22307367











  • See passlib.readthedocs.io/en/stable/modular_crypt_format.html for more
    – Stéphane Chazelas
    Mar 14 at 17:15






  • 1




    DES based passwords are BTW always 13 characters long and consist of alphanumerical characters as well as . and /. The first 2 characters is the salt and the other 11 is a hash value (sort of). And it is the only one of the algorithms supported by crypt which is so weak that you cannot compensate for it by choosing a stronger password.
    – kasperd
    Mar 15 at 0:11
















  • See passlib.readthedocs.io/en/stable/modular_crypt_format.html for more
    – Stéphane Chazelas
    Mar 14 at 17:15






  • 1




    DES based passwords are BTW always 13 characters long and consist of alphanumerical characters as well as . and /. The first 2 characters is the salt and the other 11 is a hash value (sort of). And it is the only one of the algorithms supported by crypt which is so weak that you cannot compensate for it by choosing a stronger password.
    – kasperd
    Mar 15 at 0:11















See passlib.readthedocs.io/en/stable/modular_crypt_format.html for more
– Stéphane Chazelas
Mar 14 at 17:15




See passlib.readthedocs.io/en/stable/modular_crypt_format.html for more
– Stéphane Chazelas
Mar 14 at 17:15




1




1




DES based passwords are BTW always 13 characters long and consist of alphanumerical characters as well as . and /. The first 2 characters is the salt and the other 11 is a hash value (sort of). And it is the only one of the algorithms supported by crypt which is so weak that you cannot compensate for it by choosing a stronger password.
– kasperd
Mar 15 at 0:11




DES based passwords are BTW always 13 characters long and consist of alphanumerical characters as well as . and /. The first 2 characters is the salt and the other 11 is a hash value (sort of). And it is the only one of the algorithms supported by crypt which is so weak that you cannot compensate for it by choosing a stronger password.
– kasperd
Mar 15 at 0:11












 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f430141%2fhow-to-find-the-hashing-algorithm-used-to-obfuscate-passwords%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?