Skip to content

Shadow File

Shadow File

Example Shadow File:

root@(none):/# cat /etc/shadow
root:$1$NJi50Ceq$H2TXojQhmmD/lS.I41mSp1:0:0:99999:7:::
root:$1$g1UlaVkd$ZNIs8OXZmUK.QQxY7IoAN/:0:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::
root@(none):/# cat /etc/passwd
root:x:0:0:root:/root:/bin/ash
user:x:1000:1000:user:/home/user:/bin/ash
daemon:*:1:1:daemon:/var:/bin/false
ftp:*:55:55:ftp:/home/ftp:/bin/false
network:*:101:101:network:/var:/bin/false
nobody:*:65534:65534:nobody:/var:/bin/false

fields
1. username
2. salt and hashed password
3. days since epoch of last password change
4. days until a change is allowed
5. days before a change is required
6. days warning for expiration
7. days before account is inactive
8. days since epoch when account expires
9. reserved

more on the salt/hashed password
$id$salt$hash

  1. MD5
    2a. Blowfish
  2. SHA-256
  3. SHA-512

Generating a new password

MD5 Crypt Password:

>>> mkpasswd -m md5 password
$1$2ucwSK2M$Mvo.3AdWy247mr.2Vqcic0

bcrypt Password:

>>> mkpasswd -m bcrypt password
$2b$05$KbGHzDiJsLH7ShEmmjO8e.WA9VYY64.iBWtHUUivXsIVGPBo16on2

bcrypt-a Password:

>>> mkpasswd -m bcrypt-a password
$2a$05$IGf08OKmBXUneMNl3mTKuOX.3iAZWP1UvL22y6o2r9A1lex/YORWu

SHA-256 Crypt Password:

>>> mkpasswd -m sha-256 password
$5$0NSW8xlNeLRniso3$EnevOMAGMXUeqx18SCcJhitkTVqIB9xpf9fqfoGt2q3

SHA-512 Crypt Password:

>>> mkpasswd -m sha-512 password
$6$Pm.e0h7RhDJnNL8x$i..AXNeDDHcll99pX5BRmP7t4Wlw16gHnZNDUsNiKMtguhQllF7hdEFBh5bde2tYLdoPXHy1CptNlK96HXJux0

GOST Crypt Password:

>>> mkpasswd -m gost-yescrypt password
$gy$j9T$RtNypMvru5pIwX6SliJNh1$lFB6IYlTmY5ho51kiCymMudEtryeX1BajRiv0XF4OAC