Every field is separated by a colon (:), and the second field is the hash value of the user's password. Note: an x character in place of the hash indicates that the encrypted password is stored in the /etc/shadow file. One good thing about the hash is that it has the same length for passwords of different lengths (as long as the same algorithm is used to create the hashed value). In the above case the MD5 algorithm is used to create the hash. How did I know that? Let's analyze the hash: $1$Lq1yUo3c$GF7n.Lwjc0YVhHaYvnawQ1.
Every hash starts with a unique identifier string; the $1$ at the start of the hash in the above case indicates that the hash was created using the MD5 algorithm. The table below lists the algorithms and their identifier strings:
| Algorithm used | Hashed value starts with |
|---|---|
| MD5 | $1$ |
| Blowfish | $2$, $2a$, $2x$ or $2y$ |
| SHA2 (256 or 384 bits) | $5$ |
| SHA2 (512 bits) | $6$ |
In the above table, algorithms are listed in order from weakest (prone to attack, more vulnerable to compromise) to strongest (no known attacks, or methods such as brute force would take a very long time to compromise the hash). Some common password hashing schemes only process the first eight characters of a user's password, which reduces the effective strength of the password. So how do you update the hashing algorithm used?
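As an added example (not code from the original post), the following Python script reads lines in the colon-separated /etc/passwd and /etc/shadow layout described above, names the hashing algorithm from the identifier prefixes in the table, and reports which accounts still use the weakest scheme so their passwords can be re-hashed. The sample lines are constructed; only the MD5 hash is the page's own example value, and the Blowfish and SHA-512 values are placeholders, not real hashes.

```python
HASH_PREFIXES = [  # identifier prefix -> algorithm, in the page's weakest-to-strongest order
    ("$1$", "MD5"),
    ("$2$", "Blowfish"), ("$2a$", "Blowfish"), ("$2x$", "Blowfish"), ("$2y$", "Blowfish"),
    ("$5$", "SHA2 (256 bits)"),
    ("$6$", "SHA2 (512 bits)"),
]
WEAK_ALGORITHMS = {"MD5"}  # first row of the page's table; flag for password change

def classify_password_field(field: str) -> str:
    """Name the hashing algorithm of one password field, or its non-hash status."""
    if field == "x":
        return "shadowed"      # /etc/passwd placeholder: the real hash lives in /etc/shadow
    if field == "":
        return "empty"         # no password stored at all; worth flagging on its own
    if field.startswith(("!", "*")):
        return "locked"        # login disabled; any trailing hash is inactive
    for prefix, name in HASH_PREFIXES:
        if field.startswith(prefix):
            return name
    return "unknown"           # no $id$ prefix, e.g. a legacy 13-character DES crypt value

def audit_password_lines(lines):
    """Return [(user, algorithm, is_weak)] for each colon-separated account line."""
    report = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue           # skip blank lines and comments
        algo = classify_password_field(fields[1])
        report.append((fields[0], algo, algo in WEAK_ALGORITHMS))
    return report

def weak_accounts(lines):
    """Usernames whose stored hash uses an algorithm listed in WEAK_ALGORITHMS."""
    return [user for user, _, weak in audit_password_lines(lines) if weak]

# Constructed sample in /etc/shadow layout; only alice's hash is the page's own example.
SAMPLE_SHADOW = [
    "alice:$1$Lq1yUo3c$GF7n.Lwjc0YVhHaYvnawQ1.:18900:0:99999:7:::",
    "bob:$6$c0nstructedSalt$PlaceholderNotARealHash0123456789abcdefghijklmnopqrstuvwxyz.:18900:0:99999:7:::",
    "carol:$2y$10$cOnStRuCtEdSaLtAnDhAsHpLaCeHoLdEr0000000000000000000000:18900:0:99999:7:::",
    "daemon:*:18900:0:99999:7:::",
    "svc:!:18900:0:99999:7:::",
]

if __name__ == "__main__":
    for user, algo, weak in audit_password_lines(SAMPLE_SHADOW):
        print(f"{user:8} {algo:18} {'WEAK - force password change' if weak else ''}")
```

Point the script at a copy of the real file only from a privileged account, since /etc/shadow is root-readable by design.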
Detect hashing algorithm used :
Sample output: password hashing algorithm is md5
/etc/default/password OR /etc/default/passwd (SUSE/Novell)
/etc/pam.d/system-auth-ac (Red Hat Enterprise Linux - RHEL)
/etc/security/policy.conf (Oracle Solaris)
/etc/security/login.cfg (IBM AIX)
Force user to change password: