You are not logged in.
- Topics: Active | Unanswered
#1 2010-08-28 20:15:36
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,600
- Website
Does Arch salt its hashes in /etc/shadow [SOLVED]
Just curious after reading this wikipedia article if Arch is salting the hashes for users by default. By the looks of my own /etc/shadow file, it is using MD5 for the password encryption, but I can't tell if it's salted or not.
For older Unix passwords which used a 12-bit salt this would require 4096 tables, a significant increase in cost for the attacker, but not impractical with terabyte hard drives. The MD5-crypt and bcrypt methods—used in Linux, BSD Unixes, and Solaris—have salts of 48 and 128 bits, respectively.
EDIT: after closer inspection of /etc/shadow I believe that Arch is indeed salting. Ex:
root:$1$fcq4ttKL$4VtJ2qcyiw3t2G5Fn1ITx.:14832::::::$1 $ = md5 signature
fcq4ttKL = salt
$ = separator
fcq4ttKL$4VtJ2qcyiw3t2G5Fn1ITx = hash
Last edited by graysky (2010-08-28 20:22:37)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#2 2010-08-29 14:44:09
- ehlo
- Member
- From: England
- Registered: 2010-04-04
- Posts: 66
Re: Does Arch salt its hashes in /etc/shadow [SOLVED]
You could also check for a non-salted password by generating the standard md5 hash
echo -n "yourpassword" | md5sumLast edited by ehlo (2010-08-29 14:44:21)
Offline