Password encryption for Ubuntu shadow

This is the manual way to change the Ubuntu password directly in the shadow file.

In my shadow file, my password look something like:

manuel:$6$KdE/UHqBIiVg$/fVGwMTREK7fnoR2PdNCmkJ6QHkp8R/RMkpdpY4cE0Ghfqxx7cuIatBHr98C0zPsvSIi8NWr7miuTca1d9Vc6/:14576:0:99999:7:::

The password encrypted here is “asd”. The encryption is “$6$KdE/UHqBIiVg$/fVGwMTREK7fnoR2PdNCmkJ6QHkp8R/RMkpdpY4cE0Ghfqxx7cuIatBHr98C0zPsvSIi8NWr7miuTca1d9Vc6/”.

You can divide this string in 3 parts, each one separated by a “$” sign.
The ID of the encryption. – 6
The desired salt – KdE/UHqBIiVg
The encryption : /fVGwMTREK7fnoR2PdNCmkJ6QHkp8R/RMkpdpY4cE0Ghfqxx7cuIatBHr98C0zPsvSIi8NWr7miuTca1d9Vc6
The id’s used in shadow are:

– 1 for MD5
– 5 for SHA-256
– 6 for SHA-512

In my case, I can generate my password with mkpasswd command:

mkpasswd -m sha-512 asd KdE/UHqBIiVg

P.S. Is a bug in mkpasswd. It has been fixed in ubuntu 9.10. Variable length salts are supported for SHA-512 password hashes, but mkpasswd didn’t support them.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523387
http://changelogs.ubuntu.com/changelogs/pool/main/w/whois/whois_4.7.33/changelog

manuel11g

Leave a Reply