Password Storage in Unix

Definition

Password Storage in Unix

On Unix and Linux systems, user credentials are stored in the file /etc/shadow. Each user occupies one line with nine fields separated by colons.

Fields

Position	Field	Description
1	username	the login name
2	password data	the hashed password in modular crypt format
3–9	additional	last password change, minimum/maximum age, warning period, inactivity period, expiration date, reserved

Password Field Format

Modular Crypt Format

The password field typically has the form
$$ id $ rounds = xxx $ salt $ hashedpwd$

id

1: MD5

5: SHA-256

6: SHA-512

y: yescrypt

rounds=xxx SHA-256 and SHA-512. Defaults to 5000 when omitted. Increases the cost of offline attacks.

Optional iteration count for

salt A randomly generated per-user salt.

hashedpwd

The derived hash value.

Example

/etc/shadow Entry
mauro:$6$Wyb.F7nfn4qtq7mr$tCSZVu7t5o/HsiFAiibc6493S9QYpcABfVPfI33GP
6Mh77ysg5l4Q/zwvf4ZTNEFF.b4P4MACT76uRGqEekv1:18738:0:99999:7:::
mauro — username

$6$... — password field: algorithm 6 (SHA-512), salt Wyb.F7nfn4qtq7mr, hash tCSZVu7t5o..., no explicit rounds (defaults to 5000)

18738 — last password change (days since epoch)

0:99999:7 — minimum age 0, maximum age 99999, warning period 7

::: — inactivity, expiration, and reserved fields empty

Lukas' Notes

Password Storage in Unix

Definition

Fields

Password Field Format

Example

Graph View

Table of Contents

Backlinks