Hi friends,
can any one let me know what hash algorithm is used by linux system for its shadow passwords. I'm totally confused some say MD5 and some SHA-512 which one is true and can give the source for answer if got them.
Thanks
linux learner
scrappy57
-1
Newbie Poster
Recommended Answers
Jump to PostOnly older kernels that haven't been updated would have MD5, now ... you should check with the homepage of the version of Linux you are interested in. I don't know of any list of the distro's, and what encryption each one is using.
it doesnt depend on the kernel, and …
All 4 Replies
jephthah
1,888
Posting Maven
as of Dec 2008, MD5 is known to be broken. Older linux distributions used MD5. Newer ones do not.
the US Government declared
Do not use the MD5 algorithm
Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use.
--US-CERT Vulnerability Note VU#836068 (Dec 2008)
.
scrappy57
-1
Newbie Poster
Great mate
cheers
Adak
419
Nearly a Posting Virtuoso
Hi friends,
can any one let me know what hash algorithm is used by linux system for its shadow passwords. I'm totally confused some say MD5 and some SHA-512 which one is true and can give the source for answer if got them.Thanks
linux learner
Only older kernels that haven't been updated would have MD5, now. MD5 encryption was found to be weak when collision analysis was applied.
Before saying anything definitive about their current encryption method, you should check with the homepage of the version of Linux you are interested in. I don't know of any list of the distro's, and what encryption each one is using.
jephthah
commented:
"me too"
-1
jephthah
1,888
Posting Maven
Only older kernels that haven't been updated would have MD5, now ... you should check with the homepage of the version of Linux you are interested in. I don't know of any list of the distro's, and what encryption each one is using.
it doesnt depend on the kernel, and the homepage isnt going to tell you what hash is used for password authentication.
if you're going to "me too" a thread, at least post some useful or at least correct information.
the password hashing algorithm is set in the /etc/pam.d by the pam_unix login script. any hash method can be set, whehter it's Blowfish or SHA256 or SHA512 or others. MD5 is still an option but probably should not be set. there are provisions to revert to a default hash algorithm if an option is set that is not available. this default may still be MD5 in many cases.
upon further review, it seems that some (perhaps many) distributions may still have MD5 set as default during the install. of course this can be changed by the installer.
collision attack weakness is important for digital certificates. the so-called preimage attack is theoretical. checksums can be generated in advance by a malicious software writer, but practically speaking for password encryption, this is not an issue if a sufficiently-long salt string is used, which seems to be the case.
.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.