Showing posts from February, 2013

Quickly find out the weak password hashes on a unix box

A password hash generated using algorithms like MD5, BSD, SHA1 or another default hashing algorithm is said to be a weak hash, since there are known attacks against them. It's important to use a hashing algorithm from the SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512), since to date there are no known attacks. On a UNIX-based operating system, passwords are hashed and stored in either the /etc/passwd or the /etc/shadow file. If the /etc/shadow file is missing on the system, it can be generated by running the command pwconv, which moves the password hashes from /etc/passwd to /etc/shadow and then places the character 'x' as a placeholder in the passwd file, indicating that the password hash is stored in the shadow file.

Linux/Unix systems must employ password hashes using the SHA-2 family of algorithms or FIPS 140-2 approved successors. Use of unapproved algorithms may result in weak password hashes, which are more vulnerable to compromise. Check the /etc/passwd and /etc/shadow files for password hashes. Typically /et…
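One way to run the check described above, as an added example that is not code from the original post: it reads passwd- or shadow-format lines and reports every account whose password field is not a SHA-256 (`$5$`) or SHA-512 (`$6$`) hash. The function names, the scheme labels and the sample data are assumptions made for this example; the `$id$` prefixes are the standard crypt(3) identifiers, which the post itself does not list.

```shell
#!/bin/sh
# Added example. Flags accounts whose password field is not a SHA-2 crypt hash.
# Input: passwd- or shadow-format lines on stdin. Output: "user:scheme".
classify_hashes() {
    awk -F: '
    /^#/ || NF < 2 { next }            # comments, blank or malformed lines
    {
        h = $2
        if (h == "")  { print $1 ":EMPTY-PASSWORD"; next }
        if (h == "x") next             # placeholder: hash is in /etc/shadow
        sub(/^!+/, "", h)              # locked account keeps its old hash after "!"
        if (h == "" || h ~ /^\*/) next # no hash set, login disabled
        if (h ~ /^\$[56]\$/) next      # $5$ = SHA-256, $6$ = SHA-512
        if      (h ~ /^\$1\$/)                  s = "MD5"
        else if (h ~ /^\$2[abxy]?\$/)           s = "Blowfish/bcrypt"
        else if (h ~ /^_/)                      s = "BSDi-extended-DES"
        else if (h !~ /\$/ && length(h) == 13)  s = "DES"
        else                                    s = "UNKNOWN"
        print $1 ":" s
    }'
}

# Constructed sample data: salts and hashes are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$SALT$CONSTRUCTEDsha512:15750:0:99999:7:::
daemon:*:15750:0:99999:7:::
bob:$1$SALT$CONSTRUCTEDmd5:15750:0:99999:7:::
carol:XXconstructed:15750:0:99999:7:::
dave:!$1$SALT$CONSTRUCTEDmd5:15750:0:99999:7:::
eve:!!:15750:0:99999:7:::
frank::15750:0:99999:7:::
grace:$5$SALT$CONSTRUCTEDsha256:15750:0:99999:7:::
heidi:$2a$10$CONSTRUCTEDbcrypt:15750:0:99999:7:::
ivan:_CONSTRUCTEDbsdi:15750:0:99999:7:::
judy:x:1001:1001::/home/judy:/bin/sh
EOF
}

sample_shadow | classify_hashes
# On a real host (as root): classify_hashes < /etc/shadow
```

Accounts reported as `UNKNOWN` use a prefix this example does not recognise and need a manual look; locked accounts are still reported because the old hash remains in the file after the `!`.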