$ grep demo /etc/shadow demo:$6$DdiZmmSe$eSXGHIB2gx.cHY.PR.Tfz8l00iStSgea0o7glv2ptBq8FpfSjz5XVU2GgCVzr72zAx4wG4gfYXucgoOGb3Rb7/:15786:0:99999:7:::
How to compute and generate a user password so it can be copied into the shadow file directly.
Solution and results description
The description of how the password is created can be found here:
$ man shadow encrypted password Refer to crypt(3) for details on how this string is interpreted. $ man 3 crypt Glibc Notes The glibc2 version of this function supports additional encryption algorithms. If salt is a character string starting with the characters "$id$" followed by a string terminated by "$": $id$salt$encrypted then instead of using the DES machine, id identifies the encryption method used and this then determines how the rest of the password string is interpreted. The following values of id are supported: ID | Method ───────────────────────────────────────────────────────── 1 | MD5 2a | Blowfish (not in mainline glibc; added in some | Linux distributions) 5 | SHA-256 (since glibc 2.7) 6 | SHA-512 (since glibc 2.7) So $5$salt$encrypted is an SHA-256 encoded password and $6$salt$encrypted is an SHA-512 encoded one. "salt" stands for the up to 16 characters following "$id$" in the salt. The encrypted part of the password string is the actual computed password. The size of this string is fixed: MD5 | 22 characters SHA-256 | 43 characters SHA-512 | 86 characters
Analyzing the shadow line for the demo user we can see that his password:
- uses SHA512 algorithm
- it was generated with a salt string DdiZmmSe
- it is 86 char long
$ python -c "print len('eSXGHIB2gx.cHY.PR.Tfz8l00iStSgea0o7glv2ptBq8FpfSjz5XVU2GgCVzr72zAx4wG4gfYXucgoOGb3Rb7/')" 86The first impression that we could simply use a tool to generate an SHA digest isn't going to work unfortunately. The reason is that SHA512 generates only a 512 bit long message digest (that is 64 char string) and the password in shadow file is 86 char long.
Further researching found out that even though the 'crypt' function uses the standard SHA crypto function it varies in a number of ways to produce the 86 char long string. An interesting blog describing the algorithm can be found here: http://www.vidarholen.net/contents/blog/?p=33.
There are number of ways you generate our password:
- we can use a bash script
$ ./shadow_pass.sh demo DdiZmmSe $6$DdiZmmSe$eSXGHIB2gx.cHY.PR.Tfz8l00iStSgea0o7glv2ptBq8FpfSjz5XVU2GgCVzr72zAx4wG4gfYXucgoOGb3Rb7/
- we can write a little script and call the crypt function directly to generate the password
$ python -c "import crypt, getpass, pwd; print crypt.crypt('demo', '\$6\$DdiZmmSe\$')" $6$DdiZmmSe$eSXGHIB2gx.cHY.PR.Tfz8l00iStSgea0o7glv2ptBq8FpfSjz5XVU2GgCVzr72zAx4wG4gfYXucgoOGb3Rb7/