Date: 2014sep2 OS: Linux Q. What's the format of the hashed password in /etc/shadow ? A. The manual page for crypt(3) says: If salt is a character string starting with the characters "$id$" fol- lowed by a string terminated by "$": $id$salt$encrypted then instead of using the DES machine, idm identifies the encryption method used and this then determines how the rest of the password string is interpreted. The following values of id are supported: ID | Method --------------------------------------------------------- 1 | MD5 2a | Blowfish (not in mainline glibc; added in some Linux distributions) 5 | SHA-256 (since glibc 2.7) 6 | SHA-512 (since glibc 2.7) So $5$salt$encrypted is an SHA-256 encoded password and $6$salt$encrypted is an SHA-512 encoded one. "salt" stands for the up to 16 characters following "$id$" in the salt. The encrypted part of the password string is the actual computed pass- word. The size of this string is fixed: MD5 | 22 characters SHA-256 | 43 characters SHA-512 | 86 characters The characters in "salt" and "encrypted" are drawn from the set [a–zA–Z0–9./]. In the MD5 and SHA implementations the entire key is significant (instead of only the first 8 bytes in DES). But what's not explicitly said is: - The bytes in the salt are not saved in consecutive order - The hashed password looks like its regular based64 but uses a different alphabet - The hash algorithm is run for 5000 rounds by default More info: http://people.redhat.com/drepper/sha-crypt.html http://www.akkadia.org/drepper/SHA-crypt.txt