3

http://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/

From the above article I can see the password can be encrypted in about 6 different ways to generate the hash in the format of $1$ ...

However, when I read the shadow file of my machine, I get something like this

root:l2tdfsoZQxobQ:15743:0:99999:7:::
bin:*:13653:0:99999:7:::
daemon:*:13653:0:99999:7:::
adm:*:13653:0:99999:7:::
lp:*:13653:0:99999:7:::
sync:*:13653:0:99999:7:::
shutdown:*:13653:0:99999:7:::
halt:*:13653:0:99999:7:::
mail:*:13653:0:99999:7:::
news:*:13653:0:99999:7:::
uucp:*:13653:0:99999:7:::
operator:*:13653:0:99999:7:::
games:*:13653:0:99999:7:::
gopher:*:13653:0:99999:7:::
ftp:*:13653:0:99999:7:::
nobody:*:13653:0:99999:7:::
dbus:!!:13653:0:99999:7:::
vcsa:!!:13653:0:99999:7:::
rpm:!!:13653:0:99999:7:::
haldaemon:!!:13653:0:99999:7:::
pcap:!!:13653:0:99999:7:::
nscd:!!:13653:0:99999:7:::
named:!!:13653:0:99999:7:::
netdump:!!:13653:0:99999:7:::
sshd:!!:13653:0:99999:7:::
rpc:!!:13653:0:99999:7:::
mailnull:!!:13653:0:99999:7:::
smmsp:!!:13653:0:99999:7:::
rpcuser:!!:13653:0:99999:7:::
nfsnobody:!!:13653:0:99999:7:::
apache:!!:13653:0:99999:7:::
squid:!!:13653:0:99999:7:::
webalizer:!!:13653:0:99999:7:::
xfs:!!:13653:0:99999:7:::
ntp:!!:13653:0:99999:7:::
mysql:!!:13653:0:99999:7:::

For the root password, it is like l2tdfsoZQxobQ, so what encryption method did the system use for this password?

  • It's worth noting that DES is fairly easy to crack. You should change your root password and never use it again. – bahamat Jan 06 '15 at 21:54

1 Answer

4

If the hashing algorithm isn't listed in the password field, it's usually because it's in traditional DES-based crypt form. The hash you've provided even looks like a crypt hash.

Examples of what other DES hashes look like:

[root@xxx601 ~]# openssl passwd -crypt myPass
7BQrU5yVqiGqU
[root@xxx601 ~]# openssl passwd -crypt newPass
Mbq6MsDxJOsow
[root@xxx601 ~]#

Crypt hashes are typically the weakest possible hashes for a variety of reasons. Not the least of which is that it can only support passwords up to eight characters so all characters after the eighth are just ignored.

Bratchley
  • Will it be decrypted easily? – Timothy Leung Dec 31 '14 at 15:31
  • Relative to other hashing algorithms yeah. Brute forcing isn't quick no matter the hashing algorithm though. – Bratchley Dec 31 '14 at 15:32
  • In theory hashes can not be decrypted, (not by anyone, not by the computer, no way, no how). However sometimes hash algorithms are weak. There is also the brute force method. – ctrl-alt-delor Dec 31 '14 at 15:43
  • Can that be DES? http://en.wikipedia.org/wiki/Data_Encryption_Standard – Timothy Leung Dec 31 '14 at 16:16
  • http://webcache.googleusercontent.com/search?q=cache:frgdoDCfRcIJ:pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats+&cd=2&hl=en&ct=clnk&gl=hk – Timothy Leung Dec 31 '14 at 16:23
  • I'm not going to help you crack someone else's password if you don't know it already. But to answer your question, crypt is a DES implementation. It's the 5th or so example on that second page. – Bratchley Dec 31 '14 at 16:26
  • 3
    @TimothyLeung Yes, this is the historical DES-based hash, and it can be decrypted now. The algorithm itself is still considered strong in that it can only be cracked by brute force, but brute force is only 56 bits which is doable with today's computing power. So do consider your password compromised now that you've posted this hash on the Internet. – Gilles 'SO- stop being evil' Dec 31 '14 at 22:39
  • @Gilles Regarding your edit, I don't know if we should treat the two as synonyms. "crypt" involves things such as truncating the password which isn't necessarily DES. Looking online there's an "extended DES" implementation that supports longer passwords and uses DES but is still a different hashing algorithm than older crypt hashes. – Bratchley Jan 01 '15 at 02:31
  • @Bratchley That's not DES, it's DES-based crypt (as opposed to MD5-based crypt, SHA2-based crypt, etc. — the recent algorithms are still part of crypt). – Gilles 'SO- stop being evil' Jan 01 '15 at 13:23
  • I'm more referring to the edits that refer to "DES hashes" which implies that all hashing algorithms that employ DES will look like this and that they all have the eight character limit. – Bratchley Jan 01 '15 at 13:48
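
As an added example (not part of the original question, answer or comments): a small Python classifier for the password field of /etc/shadow entries. It tells the prefix-less 13-character DES-based crypt form apart from the `$id$` formats and from locked markers such as `*` and `!!`, so accounts still on the legacy scheme can be found and rehashed. The function names are hypothetical, the `alice` line is constructed, and the other sample lines come from the listing in the question.

```python
import re

# Modular-crypt "$id$" prefixes and the scheme each one selects.
PREFIXES = {
    "$1$": "MD5-based crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "SHA-256-based crypt",
    "$6$": "SHA-512-based crypt",
}
# Traditional DES crypt: 2 salt chars + 11 hash chars from the crypt alphabet.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")
# BSDi extended DES: "_" + 4 count chars + 4 salt chars + 11 hash chars.
EXT_DES_RE = re.compile(r"_[./0-9A-Za-z]{19}")

def classify(field):
    """Name the scheme used by the second field of a shadow entry."""
    if field == "":
        return "empty (no password set)"
    if field[0] in "*!":
        return "locked / no valid hash"
    for prefix, name in PREFIXES.items():
        if field.startswith(prefix):
            return name
    if DES_RE.fullmatch(field):
        return "traditional DES-based crypt"
    if EXT_DES_RE.fullmatch(field):
        return "extended DES-based crypt"
    return "unknown"

def audit(shadow_text):
    """Map account name -> scheme for every well-formed line."""
    result = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            result[parts[0]] = classify(parts[1])
    return result

def legacy_des_accounts(shadow_text):
    """Accounts whose hash is the traditional DES form and needs rehashing."""
    return [user for user, scheme in audit(shadow_text).items()
            if scheme == "traditional DES-based crypt"]

# First three lines are from the question; the alice line is constructed.
SAMPLE = """\
root:l2tdfsoZQxobQ:15743:0:99999:7:::
bin:*:13653:0:99999:7:::
dbus:!!:13653:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHPLACEHOLDER:15743:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE).items():
        print(f"{user:8} {scheme}")
```

Classification is by prefix and length only; it does not verify that the hash body is valid for the named scheme.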