Brief summary of standard password hashes on Unix and Linux systems 2014

The following information is based on current versions of operating systems:

  • RHEL and CentOS 6.5
  • OpenSUSE 13.1
  • Ubuntu 14.04
  • Oracle Linux 6.5
  • FreeBSD 10
  • HP-UX 11i v3
  • Solaris 11

A more detailed summary has been published at Slideshare:

Brief-summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-2014-by-Dusan-Baljevic

Contrary to popular belief, the account password entries in /etc/shadow can have more than three "$"-separators (hint: when SHA-256 or SHA-512 hashing is used with a non-default number of rounds).

On standard servers, three "$"-separated values are part of the password string in /etc/shadow:

someuser:$5$Y4HhzEPz$mXSHm95E/4MQPp.3X4Km5R/ysct0WT45FzdX2mPkon.:0:99999:7:::

Inside hashed password string

What is inside the password string $5$String1$String2:

$5      SHA-256 hashing
String1 "Y4HhzEPz" salt
String2 "mXSHm95E/4MQPp.3X4Km5R/ysct0WT45FzdX2mPkon." hashed password
The extra "$"-separated field exists when a non-default number of rounds is configured. Then we have, for example, $6$Rounds$String1$String2:

$6$rounds=85000$pA/kjrZS$wo0980kwEuE28ER6moiaHzuDqO/VZMoxfvbXK1i/cW2BdJjI8xH/1WgD7RH7UaxM1SDLYsPtPgiMF9orb1Iwi.

$6      SHA-512 hashing
Rounds  85000 times
String1 "pA/kjrZS" salt
String2 "wo0980kwEuE28ER6moiaHzuDqO/VZMoxfvbXK1i/cW2BdJjI8xH/1WgD7RH7UaxM1SDLYsPtPgiMF9orb1Iwi." hashed password

Examples of valid password hashes on Linux servers
SHA-256 hashing:
$5$Y4HhzEPz$mXSHm95E/4MQPp.3X4Km5R/ysct0WT45FzdX2mPkon.

SHA-512 hashing account with non-default rounds:
$6$rounds=85000$pA/kjrZS$wo0980kwEuE28ER6moiaHzuDqO/VZMoxfvbXK1i/cW2BdJjI8xH/1WgD7RH7UaxM1SDLYsPtPgiMF9orb1Iwi.

SHA-512 hashing account:
$6$zgpfWfGc$ACfCZLTLeJzLhiC1gyO0Bj5JlD337zAW.L25FpYz07QalwRQJYAJ8AIFL69PxK2XwoDehTLzPT64AsrMUsL1o0

MD5 hashing account:
$1$6tAaCsfx$E2amS8ko4ks1lxz7izSL//

Blowfish hashing account:
$2y$05$Z4taSkam70Vc9mMqtrAby25ixpstvJUf49gqzPtjhkscGgu4Zvd6c

Linux standard hashes

In current Linux distributions, the following prefixes for hashes are standard:

"1"         hashing-algorithm=BSD-MD5
"2a"        hashing-algorithm=BSD-Blowfish
"2y"        hashing-algorithm=BSD-Blowfish (SUSE)
"5"         hashing-algorithm=SHA-256
"6"         hashing-algorithm=SHA-512
""          hashing-algorithm=DES
"_"         hashing-algorithm=Extended-BSDI-DES (SUSE)
FreeBSD 10 standard hashes

The following prefixes for hashes are standard:

"1"   hashing-algorithm=MD5
"2"   hashing-algorithm=Blowfish
"3"   hashing-algorithm=NT-Hash
"4"   (unused) 
"5"   hashing-algorithm=SHA-256
"6"   hashing-algorithm=SHA-512
The NT-hash scheme does not use a salt, and is not hard to break in.

File /etc/login.conf can be used to define the format:

passwd_format    string sha512
The encryption format that new or changed passwords will use. Valid values include "des", "md5", "blf", "sha256" and "sha512".

Solaris 11 standard hashes

"1"         hashing-algorithm=BSD-MD5
"2a"        hashing-algorithm=Blowfish
"MD5"       hashing-algorithm=SUN-MD5
"5"         hashing-algorithm=SHA-256
"6"         hashing-algorithm=SHA-512
"__unix__"  hashing-algorithm=SHA-512 (deprecated)
AIX standard hashes

File /etc/security/login.cfg, attribute pwd_algorithm, defines the default hash on AIX systems. The default is crypt, the legacy crypt algorithm:

"crypt"    hashing-algorithm=DES

It can be changed to an algorithm listed in the /etc/security/pwdalg.cfg file.

File /etc/security/pwdalg.cfg lists additional supported encryption algorithms. For AIX 7 the supported algorithms are:

"smd5"     hashing-algorithm=MD5
"ssha256"  hashing-algorithm=SHA-256
HP-UX standard hashes
"__unix__" hashing-algorithm=DES
HP-UX 11i v1 (11.11) and 11i v2 (11.23) do not support changing the encryption algorithm. To support changing the encryption algorithm on 11i v3 (11.31) systems, the Password Hash Infrastructure for HP-UX 11i v3 (PHI11i3) package must be installed (/etc/default/security, entry CRYPT_DEFAULT - default value is "__unix__"the legacy encryption algorithm). The only other supported value is 6, which implements an algorithm based on SHA-512. After adding this option, the following hashes are supported:
"6"        hashing-algorithm=SHA-512
"__unix__" hashing-algorithm=DES
Recommendations

Minimum recommended password hashing on Linux systems is SHA-512.

Depending on the Linux distribution, one of the following methods is used:

Run "authconfig --passalgo=sha512 --update"
Set "CRYPT=SHA512" in /etc/default/passwd
Modify the "password" line in /etc/pam.d/common-password
Set "ENCRYPT_METHOD SHA512" in /etc/login.defs

To change the password hashing type on other Unices, follow the examples below.

On FreeBSD:
Edit /etc/login.conf

On AIX:
Edit /etc/security/login.cfg

On Solaris:
Edit /etc/security/policy.conf

On HP-UX 11i v3 (11.31) with Password Hash Infrastructure:
Edit /etc/default/security

Example of an audit of password hashes for Linux systems

Linux-audit-account-password-hashing.pl
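As an added, self-contained example (not the Linux-audit-account-password-hashing.pl script referred to above, and not code from the article's author), the following Python splits a shadow password field into the "$"-separated parts described in "Inside hashed password string" and runs the kind of audit named above over a constructed shadow file built from the hashes shown on this page. The prefix table is the article's Linux list. Two details are assumptions added here rather than taken from the article: the default of 5000 rounds for $5$/$6$ when no rounds= field is present (from crypt(5)), and the length-based split of bcrypt's combined 22-character salt and 31-character hash and of the BSDI "_" layout.

```python
from typing import NamedTuple, Optional

# Prefix-to-algorithm table for current Linux distributions, transcribed from
# the article's "Linux standard hashes" list. Example code, not the article's
# own Perl audit script.
LINUX_PREFIXES = {
    "1": "BSD-MD5",
    "2a": "BSD-Blowfish",
    "2y": "BSD-Blowfish (SUSE)",
    "5": "SHA-256",
    "6": "SHA-512",
    "": "DES",
    "_": "Extended-BSDI-DES (SUSE)",
}

# Iteration count used by $5$/$6$ when no "rounds=" field is present.
# Assumption from crypt(5); the article only shows the explicit-rounds case.
SHA_CRYPT_DEFAULT_ROUNDS = 5000


class CryptHash(NamedTuple):
    prefix: str            # identifier between the first two "$" ("" for DES, "_" for BSDI)
    algorithm: str
    rounds: Optional[int]  # iteration count, or the cost exponent for $2*$ (bcrypt)
    salt: str
    digest: str
    locked: bool           # field started with "!" (account locked, hash retained)
    usable: bool           # False for "*", "!!", "" and other non-hash markers


def parse_crypt_hash(field: str) -> CryptHash:
    """Split one /etc/shadow password field into its "$"-separated parts."""
    locked = field.startswith("!")
    body = field.lstrip("!")
    if body == "" or body.startswith("*"):
        return CryptHash("", "none", None, "", "", locked, False)

    if not body.startswith("$"):
        if body.startswith("_"):
            # BSDI extended DES: "_" + 4-char count + 4-char salt + 11-char hash;
            # count and salt are kept together in `salt` here (assumed layout).
            return CryptHash("_", LINUX_PREFIXES["_"], None, body[1:9], body[9:], locked, True)
        # Classic DES crypt: 2-char salt followed by an 11-char hash, no prefix.
        return CryptHash("", LINUX_PREFIXES[""], None, body[:2], body[2:], locked, True)

    parts = body.split("$")          # body starts with "$", so parts[0] == ""
    prefix, fields = parts[1], parts[2:]
    rounds: Optional[int] = None
    if prefix in ("2", "2a", "2b", "2y"):
        # bcrypt: $2y$<cost>$<22-char salt><31-char hash>; salt and hash are not
        # "$"-separated, so they are split by length (assumed layout).
        rounds = int(fields[0])
        salt, digest = fields[1][:22], fields[1][22:]
    else:
        if fields and fields[0].startswith("rounds="):
            # The extra field the article describes: $6$rounds=85000$salt$hash
            rounds = int(fields[0][len("rounds="):])
            fields = fields[1:]
        elif prefix in ("5", "6"):
            rounds = SHA_CRYPT_DEFAULT_ROUNDS
        salt = fields[0] if fields else ""
        digest = fields[1] if len(fields) > 1 else ""
    return CryptHash(prefix, LINUX_PREFIXES.get(prefix, "unknown"), rounds, salt, digest, locked, True)


def audit_shadow(shadow_text: str, minimum_prefix: str = "6"):
    """Return (user, note) for every account whose stored hash is not the
    recommended scheme (SHA-512, prefix "6"). Locked accounts still count:
    a copied shadow file exposes their hash regardless of the lock."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        user, pw_field = line.split(":", 2)[:2]
        h = parse_crypt_hash(pw_field)
        if not h.usable:
            continue                       # nothing stored that could be attacked
        if h.prefix != minimum_prefix:
            note = f"{h.algorithm} (prefix {h.prefix!r}) below recommended SHA-512"
            if h.locked:
                note += ", account locked"
            findings.append((user, note))
    return findings


# Constructed shadow file: the hashes are the examples shown in the article;
# the user names and the date/ageing fields are made up for this example.
SAMPLE_SHADOW = """\
root:$6$rounds=85000$pA/kjrZS$wo0980kwEuE28ER6moiaHzuDqO/VZMoxfvbXK1i/cW2BdJjI8xH/1WgD7RH7UaxM1SDLYsPtPgiMF9orb1Iwi.:16000:0:99999:7:::
someuser:$5$Y4HhzEPz$mXSHm95E/4MQPp.3X4Km5R/ysct0WT45FzdX2mPkon.:16000:0:99999:7:::
legacy:$1$6tAaCsfx$E2amS8ko4ks1lxz7izSL//:16000:0:99999:7:::
oldsvc:!$1$6tAaCsfx$E2amS8ko4ks1lxz7izSL//:16000:0:99999:7:::
daemon:*:16000:0:99999:7:::
bin:!!:16000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, note in audit_shadow(SAMPLE_SHADOW):
        print(f"{user}: {note}")
```

Run against a real system as root (reading /etc/shadow requires it), the same `audit_shadow` call lists every account still stored with MD5, DES or SHA-256; such hashes are not rewritten by a configuration change alone and are only replaced when the user next sets a password.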