Lukas' Notes

security operating-systems

Definition

Password Storage in Unix

On Unix and Linux systems, user credentials are stored in the file /etc/shadow. Each user occupies one line with nine fields separated by colons.

Fields

Position   Field           Description
1          username        the login name
2          password data   the hashed password in modular crypt format
3–9        additional      last password change, minimum/maximum age, warning period, inactivity period, expiration date, reserved

Password Field Format

Modular Crypt Format

The password field typically has the form

$id$rounds=xxx$salt$hashedpwd

where the rounds=xxx part is optional and the fields are separated by $.

id

Identifies the algorithm used to compute the hash.

rounds=xxx

Optional iteration count for SHA-256 and SHA-512. Defaults to 5000 when omitted. Increases the cost of offline attacks.

salt

A randomly generated per-user salt.

hashedpwd

The derived hash value.

Example

/etc/shadow Entry

mauro:$6$Wyb.F7nfn4qtq7mr$tCSZVu7t5o/HsiFAiibc6493S9QYpcABfVPfI33GP6Mh77ysg5l4Q/zwvf4ZTNEFF.b4P4MACT76uRGqEekv1:18738:0:99999:7:::
  • mauro — username
  • $6$... — password field: algorithm 6 (SHA-512), salt Wyb.F7nfn4qtq7mr, hash tCSZVu7t5o..., no explicit rounds (defaults to 5000)
  • 18738 — last password change (days since epoch)
  • 0:99999:7 — minimum age 0, maximum age 99999, warning period 7
  • ::: — inactivity, expiration, and reserved fields empty
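The following parser is an added example (not part of these notes) covering both the field layout and the modular crypt format described above. It splits a shadow line into its nine fields, decodes $id$[rounds=xxx$]salt$hashedpwd, converts the last-change day count to a calendar date, and runs a few reviewer checks over each entry. The sample file is constructed: it reuses the mauro entry from the example and adds three hypothetical lines (an explicit rounds= value, a legacy MD5-crypt hash with a dummy hash value, and a locked account). The algorithm ids 1 (MD5-crypt) and y (yescrypt) and the audit checks go beyond what the notes state and follow the crypt(5) conventions.

```python
"""Parse /etc/shadow entries and the modular crypt format of the password field."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Hash identifiers seen in the password field. Ids 5 and 6 are from the note;
# 1 and y are added from the crypt(5) conventions.
ALGORITHMS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt", "y": "yescrypt"}
DEFAULT_ROUNDS = 5000  # applies to SHA-256-crypt and SHA-512-crypt when rounds= is absent

# Constructed sample file: the entry from the note plus three hypothetical lines
# (explicit rounds= value, legacy MD5-crypt hash with a dummy value, locked service account).
SAMPLE_SHADOW = (
    "mauro:$6$Wyb.F7nfn4qtq7mr$tCSZVu7t5o/HsiFAiibc6493S9QYpcABfVPfI33GP"
    "6Mh77ysg5l4Q/zwvf4ZTNEFF.b4P4MACT76uRGqEekv1:18738:0:99999:7:::\n"
    "tuned:$6$rounds=100000$Zq3wLp9xV1mN7rKd$CONSTRUCTEDHASHVALUE:18800:0:90:7:::\n"
    "legacy:$1$abcdefgh$0123456789abcdefghijkl:15000:0:99999:7:::\n"
    "svc:!:18738:0:99999:7:::\n"
)

FIELDS = ("username", "password", "lastchg", "minage", "maxage",
          "warn", "inactive", "expire", "reserved")


@dataclass
class ShadowEntry:
    username: str
    password: str
    lastchg: str
    minage: str
    maxage: str
    warn: str
    inactive: str
    expire: str
    reserved: str


def parse_shadow_line(line: str) -> ShadowEntry:
    """Split one line into its nine colon-separated fields (empty fields stay '')."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 9 fields, got {len(parts)}: {line!r}")
    return ShadowEntry(*parts)


def parse_shadow_file(text: str) -> List[ShadowEntry]:
    return [parse_shadow_line(ln) for ln in text.splitlines() if ln.strip()]


def parse_crypt(password: str) -> Optional[Dict[str, object]]:
    """Decode $id$[rounds=N$]salt$hash.

    Returns None for fields that carry no hash: '', '!', '*', or anything
    not starting with '$' (locked or password-less accounts).
    """
    if not password.startswith("$"):
        return None
    parts = password.split("$")[1:]  # drop the empty string before the first '$'
    if len(parts) < 3:
        return None
    alg_id, rest = parts[0], parts[1:]
    rounds = None
    if rest[0].startswith("rounds="):
        rounds = int(rest[0][len("rounds="):])
        rest = rest[1:]
    if len(rest) < 2:
        return None
    # Salt and hash are always the last two fields; anything in between is an
    # algorithm parameter block (yescrypt uses one), kept as-is in "params".
    salt, hashed = rest[-2], rest[-1]
    if rounds is None and alg_id in ("5", "6"):
        rounds = DEFAULT_ROUNDS
    return {"id": alg_id, "algorithm": ALGORITHMS.get(alg_id, "unknown"),
            "rounds": rounds, "salt": salt, "hash": hashed, "params": rest[:-2]}


def last_change_date(entry: ShadowEntry) -> str:
    """Field 3 counts days since 1970-01-01; convert to an ISO date ('' if unset)."""
    if not entry.lastchg:
        return ""
    return (date(1970, 1, 1) + timedelta(days=int(entry.lastchg))).isoformat()


def audit(entry: ShadowEntry) -> List[str]:
    """Configuration checks a reviewer would run over each entry."""
    findings: List[str] = []
    if entry.password == "":
        findings.append("empty password field: no password required at login")
        return findings
    crypt = parse_crypt(entry.password)
    if crypt is None:
        return findings  # locked or non-hash entry, nothing to evaluate
    if crypt["id"] == "1":
        findings.append("MD5-crypt hash: obsolete, re-hash with SHA-512-crypt or yescrypt")
    if crypt["id"] in ("5", "6") and crypt["rounds"] < DEFAULT_ROUNDS:
        findings.append(f"rounds={crypt['rounds']} below the default of {DEFAULT_ROUNDS}")
    if entry.maxage == "99999":
        findings.append("maximum age 99999: password never expires")
    return findings


if __name__ == "__main__":
    for e in parse_shadow_file(SAMPLE_SHADOW):
        print(e.username, parse_crypt(e.password), last_change_date(e), audit(e))
```

For the mauro entry the parser yields id 6, salt Wyb.F7nfn4qtq7mr, the default 5000 rounds, and a last change of 2021-04-21 (day 18738). The locked svc line returns no crypt structure and no findings, so a reviewer can tell a disabled account apart from a weakly hashed one at a glance.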