ENCRYPTION OF /ETC/SHADOW FILE


Hi friends,
Today we are going to see how the passwords stored in the /etc/shadow file get encoded in Linux.

INTRODUCTION

To understand how this whole thing works, let's take the example entry for the root user from the /etc/shadow file, shown below.
[root@slashroot1 ~]# cat /etc/shadow
root:$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1:15651:0:99999:7:::
In the example entry shown above, our topic of interest is the second field (the field holding the encoded hash of the password).

$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1
The encoded value shown above can be broken down into three fields, separated by $ signs, as below.
1. The first field is a number that tells you which hashing algorithm is in use.
  • $1 = MD5 hashing algorithm.
  • $2 = Blowfish algorithm is in use.
  • $2a = eksblowfish algorithm.
  • $5 = SHA-256 algorithm.
  • $6 = SHA-512 algorithm.
2. The second field is the salt value.
The salt is nothing but random data that is generated and combined with the original password in order to increase the strength of the hash.
3. The last field is the hash value of salt + user password (we will be discussing this shortly).

So in our example entry for root, shown below,
$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1
The encoded password above uses the MD5 hashing algorithm (because of the $1$).
The salt value is Etg2ExUZ (the content between the second and third $ signs).
And the hash value of "PASSWORD + SALT" is F9NTP7omafhKIlqaBMqng1. Let's reproduce the same output by providing the salt value Etg2ExUZ and the original password.
[root@slashroot1 ~]# openssl passwd -1 -salt Etg2ExUZ redhat
$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1
[root@slashroot1 ~]#
With the help of the above openssl command, you can see that the encoded entry can only be reproduced with the exact same salt value (which is always randomly selected by the password program).
This is what the login program does when you enter your password: it takes the salt value from the shadow file and your entered password, and creates an encoded string from them. If that encoded string matches the encoded string stored in the shadow file, the login is considered successful.
Changing the salt will change the entry in the shadow file. The -1 option used in the above command tells openssl which hashing algorithm to use (1 indicates the MD5 algorithm).
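As an added example (not from the original post), here is a pure-Python reimplementation of the md5crypt ($1$) scheme that openssl passwd -1 uses, together with a parser for the three $-separated fields and a login-style check that rehashes a candidate password with the stored salt. The function names are this example's own; the shadow line it is checked against is the root entry quoted above.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ALGORITHMS = {"1": "MD5", "2": "Blowfish", "2a": "eksblowfish", "5": "SHA-256", "6": "SHA-512"}

def parse_shadow_entry(line):
    """Split a shadow line into user, hash id, salt and hash (the three '$' fields)."""
    user, encoded = line.split(":")[:2]
    _, ident, salt, digest = encoded.split("$")
    return {"user": user, "id": ident, "algorithm": ALGORITHMS.get(ident, "unknown"),
            "salt": salt, "hash": digest}

def _to64(value, count):
    """crypt(3)'s own base64 alphabet: `count` chars, least-significant 6 bits first."""
    return "".join(ITOA64[(value >> (6 * k)) & 0x3F] for k in range(count))

def md5_crypt(password, salt):
    """Pure-Python md5crypt ($1$), the scheme behind 'openssl passwd -1'."""
    pw, salt = password.encode(), salt[:8].encode()  # salt is at most 8 chars
    ctx = hashlib.md5(pw + b"$1$" + salt)
    alt = hashlib.md5(pw + salt + pw).digest()
    for n in range(len(pw), 0, -16):
        ctx.update(alt[:min(n, 16)])
    n = len(pw)
    while n:  # one byte per bit of len(pw): NUL for a set bit, pw[0] otherwise
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed 1000 stretching rounds
        ctx1 = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            ctx1.update(salt)
        if i % 7:
            ctx1.update(pw)
        ctx1.update(final if i & 1 else pw)
        final = ctx1.digest()
    order = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in order)
    return "$1$" + salt.decode() + "$" + enc + _to64(final[11], 2)

def verify_password(shadow_line, candidate):
    """What login does: rehash the candidate with the stored salt and compare."""
    entry = parse_shadow_entry(shadow_line)
    if entry["id"] != "1":
        raise NotImplementedError("only $1$ (MD5) is implemented here")
    return hmac.compare_digest(md5_crypt(candidate, entry["salt"]), shadow_line.split(":")[1])
```

Hashing the same password with a different salt gives a completely different entry, which is why two users with the same password do not show identical hashes.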

WHAT IF SALT IS NOT USED?

  • The salt value is a major component that strengthens the way a Linux system stores passwords. Imagine that no salt value were applied before storing passwords in Linux. As we discussed at the beginning of this article, a dictionary attack with common dictionary words would then become much easier to carry out. Because the salt (which is randomly generated when the password is set) is mixed in, an attacker has to go through the different combinations of salt values as well as password strings to guess what the original password is.
  • An attacker cannot easily tell that two users are using the same password. Even if the attacker has somehow gained access to the shadow file, he cannot say, by looking at two encoded passwords, that they belong to the same password, because the two entries will have different salt values.
