How to find the hashing algorithm used to obfuscate passwords?

I have the working password and can see the hash (/etc/passwd). How do I find the hashing algorithm used to hash the password, without manually trying different algorithms until I find a match?

edited Apr 17 at 13:20 – Stephen Kitt
asked Mar 14 at 10:44 – Dorin Botan

  • man 5 passwd ? man 5 shadow ?
    – Archemar Mar 14 at 10:49

  • What Unix variant are you using?
    – Kusalananda Mar 14 at 10:59

  • I'm very surprised you can see a hash in /etc/passwd. I thought all Unix/Linux variants had moved to a split with /etc/shadow years ago. (I know such systems still support hashes in passwd but I know of no utilities that put them there any more.) An embedded system, perhaps?
    – roaima Mar 14 at 11:02

  • Hashing isn't used to encrypt passwords. Hashing is used to hash passwords. Not the same thing.
    – user207421 Mar 14 at 16:08

  • @MontyHarder That's even worse, because it still implies that all the information of the password is still contained in the hash. That's not the case. A hash is irreversible.
    – Bakuriu Mar 14 at 20:16

1 Answer

This is documented in crypt(3)’s manpage, which you can find via shadow(5)’s manpage, or passwd(5)’s. Those links are appropriate for modern Linux-based systems; the description there is:

    If salt is a character string starting with the characters "$id$"
    followed by a string optionally terminated by "$", then the result
    has the form:

        $id$salt$encrypted

    id identifies the encryption method used instead of DES and this then
    determines how the rest of the password string is interpreted. The
    following values of id are supported:

        ID  | Method
        ─────────────────────────────────────────────────────────
        1   | MD5
        2a  | Blowfish (not in mainline glibc; added in some
            | Linux distributions)
        5   | SHA-256 (since glibc 2.7)
        6   | SHA-512 (since glibc 2.7)

So if a hashed password is stored in the above format, you can find the algorithm used by looking at the id; otherwise it’s crypt’s default DES algorithm.

Other platforms support other algorithms, so check the crypt manpage there. For example, OpenBSD’s crypt(3) supports DES (which is the default since Unix V7) and Blowfish, which it identifies using the id “2b”.

edited Mar 14 at 11:12
answered Mar 14 at 10:57 – Stephen Kitt

  • See passlib.readthedocs.io/en/stable/modular_crypt_format.html for more
    – Stéphane Chazelas Mar 14 at 17:15

  • DES based passwords are BTW always 13 characters long and consist of alphanumerical characters as well as . and /. The first 2 characters are the salt and the other 11 are a hash value (sort of). And it is the only one of the algorithms supported by crypt which is so weak that you cannot compensate for it by choosing a stronger password.
    – kasperd Mar 15 at 0:11
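Added example (not part of the original answer or comments): a small Python classifier that applies the "$id$" table from the answer and the 13-character DES rule from the comment above to passwd/shadow-style lines. The function names and sample entries are constructed for illustration, and the hash bodies are filler, not real hashes.

```python
import re

# Ids named on this page: the glibc crypt(3) table plus OpenBSD's "2b".
MCF_IDS = {"1": "MD5", "2a": "Blowfish", "2b": "Blowfish",
           "5": "SHA-256", "6": "SHA-512"}
# Traditional DES crypt: exactly 13 chars of [A-Za-z0-9./] (2 salt + 11 hash).
DES_RE = re.compile(r"[A-Za-z0-9./]{13}")
MCF_RE = re.compile(r"\$([^$]+)\$.+")  # "$id$..." prefix form


def classify_hash(field):
    """Name the scheme used by the password field of a passwd/shadow entry."""
    if field == "":
        return "empty"                 # no password required at all
    if field == "x":
        return "in /etc/shadow"        # passwd placeholder, hash lives elsewhere
    body = field.lstrip("!")           # leading "!" marks a locked password
    if body in ("", "*"):
        return "no hash"               # account cannot log in with a password
    m = MCF_RE.fullmatch(body)
    if m:                              # "$id$salt$encrypted": id names the method
        return MCF_IDS.get(m.group(1), "unknown id " + m.group(1))
    if DES_RE.fullmatch(body):
        return "DES"
    return "unrecognised"


def audit(lines):
    """Map user -> scheme for passwd/shadow-style lines (user:hash:...)."""
    result = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        result[fields[0]] = classify_hash(fields[1])
    return result


# Constructed sample entries; the hash bodies are filler, not real hashes.
SAMPLE = [
    "root:$6$saltsalt$" + "A" * 86 + ":17604:0:99999:7:::",
    "alice:$1$saltsalt$" + "B" * 22 + ":17604:0:99999:7:::",
    "legacy:ab" + "C" * 11 + ":17604:0:99999:7:::",
    "bob:!$5$saltsalt$" + "D" * 43 + ":17604:0:99999:7:::",
    "daemon:*:17604:0:99999:7:::",
    "carol:x:1001:1001::/home/carol:/bin/sh",
    "dave:$2b$10$" + "E" * 53 + ":17604:0:99999:7:::",
]

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE).items():
        print(f"{user:8} {scheme}")
```

An id that is not in the table is reported as unknown, which is the cue to check crypt(3) on that platform; entries reported as DES or MD5 are the ones to rehash first.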















