The root password for Linux exists in the "/etc/shadow" file, but you must have root permission to see the "/etc/shadow" file under Linux. I do a demo with my own virtual machine, as shown in:
In the above diagram, I did not set the root password, you can see the root of the line at the beginning of a "!". Then look at the following diagram, the root password has been set:
Here, mainly on the shadow password storage structure to do some introduction, refer to the relevant content on the network, to summarize their own.
The ciphertext string format is: $id $salt$encrypted, separated by $, where $id is used to specify the algorithm used, as shown in the following table:
| Id |
Method |
| 1 |
MD5 |
| 2a |
Blowfish (not in mainline glibc;added in some Linux distribution) |
| 5 |
SHA-256 (since GLIBC 2.7) |
| 6 |
SHA-512 (since GLIBC 2.7) |
As I can see from above, ciphertext uses the SHA-512 algorithm. $salt is a randomly generated string of up to 16 characters that is used to increase the difficulty of cracking. $encrypted is the ciphertext that is calculated by the encryption algorithm and salt.
Next, describe the structure of this password store.
- account name: the account name and the account name inside the/etc/passwd are one by one corresponding relationships.
- Password: Here you can see the 3 categories, which are weird strings, * and !! where the weird string is the encrypted password file. The asterisk for account number is locked, and the double exclamation mark indicates that the password has expired. Strange string is the beginning of $6$, indicating that it is encrypted with SHA-512, $1$ indicates that it is encrypted with MD5, $2$ is encrypted with Blowfish, $5$ is encrypted with SHA-256.
- Modified: This is the date that the password was last modified and the number of days apart from 1970-1-1 password cannot be changed: If this number is 8, then 8 days can not change the password, if it is 0, It can be changed at any time.
- password needs to be modified: If it is 99999, you will never have to change it. If it is another number such as 12345, then the password must be changed within 12,345 days from 1970-1-1, otherwise the password is invalid.
- n days before the modification deadline warning: For example, you specify in fifth that the password must be modified by June 20, and the system will warn the corresponding user from n days before the 6-20 number.
- Password expired grace: Assuming that this number is set to M, then the account expires within m days of the change password can be modified, after the account can continue to use.
- Account expiration Date: Assuming this date is X, as in the third, the date represented by X is still the number of days apart from 1970-1-1, and after X, the account expires.
- reserved: is reserved and has not been used for the time being.
Reference article: http://www.yucoat.com/linux_opensource/linux_etc_shadow.html
/etc/shadow File Description