I have the working password and can see the hash (/etc/passwd). How do I find the hashing algorithm used to hash the password, without manually trying different algorithms until I find a match?
1 Answer
This is documented in crypt(3)’s manpage, which you can find via shadow(5)’s manpage, or passwd(5)’s. Those links are appropriate for modern Linux-based systems; the description there is:
If salt is a character string starting with the characters "$id$" followed by a string optionally terminated by "$", then the result has the form:
$id$salt$encryptedid identifies the encryption method used instead of DES and this then determines how the rest of the password string is interpreted. The following values of id are supported:
ID | Method ───────────────────────────────────────────────────────── 1 | MD5 2a | Blowfish (not in mainline glibc; added in some | Linux distributions) 5 | SHA-256 (since glibc 2.7) 6 | SHA-512 (since glibc 2.7)
Blowfish, also known as bcrypt, is also identified by prefixes 2, 2b, 2x, and 2y (see PassLib’s documentation).
So if a hashed password is stored in the above format, you can find the algorithm used by looking at the id; otherwise it’s crypt’s default DES algorithm (with a 13-character hash), or “big” crypt’s DES (extended to support 128-character passwords, with hashes up to 178 characters in length), or BSDI extended DES (with a _ prefix followed by a 19-character hash).
Some distributions use libxcrypt which supports and documents quite a few more methods:
y: yescryptgy: gost-yescrypt7: scryptsha1: sha1cryptmd5: SunMD5
Other platforms support other algorithms, so check the crypt manpage there. For example, OpenBSD’s crypt(3) only supports Blowfish, which it identifies using the id “2b”.
answered Mar 14, 2018 at 10:57
-
2DES based passwords are BTW always 13 characters long and consist of alphanumerical characters as well as
.and/. The first 2 characters is the salt and the other 11 is a hash value (sort of). And it is the only one of the algorithms supported bycryptwhich is so weak that you cannot compensate for it by choosing a stronger password.kasperd– kasperd2018-03-15 00:11:58 +00:00Commented Mar 15, 2018 at 0:11 -
1If anyone else is wondering why their local
man 3 cryptlooks nothing like this, it’s likely becauselibxcryptreplaces that man page with its own, which doesn’t have this valuable contents (but a less concise equivalent is to be found inman 5 crypt).libxcryptis de facto installed on many(?) systems (as it’s required by SystemD, OpenSSH, CUPS, Python…).Maëlan– Maëlan2022-01-07 19:22:10 +00:00Commented Jan 7, 2022 at 19:22 -
Might be worth noting that none of those
$x$hashes use just a single run of the listed algorithm, but use iterated algorithms to make brute-force searches slower. The man page does mention setting the number of rounds for SHA-256 and SHA-512, but the table doesn't make it too clear.ilkkachu– ilkkachu2025-02-22 17:44:02 +00:00Commented Feb 22 at 17:44
/etc/passwd. I thought all Unix/Linux variants had moved to a split with/etc/shadowyears ago. (I know such systems still support hashes inpasswdbut I know of no utilities that put them there any more. An embedded system, perhaps?/etc/passwdhere. This however does not change the matter of the question. Does it?/etc/shadowand they have no file by that name.