Explore how Ubuntu stores user login passwords

In Ubuntu, The/etc directory contains three files related to user logon Access Control: passwd, shadow, and group. In the past, older Unix systems put hash-processed passwords directly in the passwd file. Now * nix stores the processed passwords in the shadow file, the use of these three files can be referred to: http://www.bkjia.com/ OS /201308/237266.html

Open the/etc/shadow file as follows:

We can see from "$6 $" to "GJr .. "The end character is a user password that has been hashed. Now we want to know how this string is generated. We have checked the official Ubuntu documentation:

Shadow file Description: http://manpages.ubuntu.com/manpages/karmic/man5/shadow.5.html

Crypt Encryption Algorithm Description: http://manpages.ubuntu.com/manpages/karmic/man3/crypt.3.html

From the official documentation, we can see that the user password has been processed by the crypt Algorithm in glibc, "$6 $3rhg9. la $ "is the salt value used in the hash process. What is the role of the salt value? We know that for a known hash algorithm and a fixed string, the hash result is the same, so assume that a system has many users, some of the users may use the same password. For example, if both users use "123456" as the login password, the salt value is not used, the processed password string is the same. Although "illegal intruders" cannot directly obtain the plaintext password from the processed string, it is still known that two people use the same password. To avoid this problem, we can put a salt value (m // salt) behind the original password when hashing the user's password. There are two advantages: on the one hand, the random generation of salt values avoids the creation of agreed hash values for the same password; on the other hand, it increases the computational complexity (increased by 2 ^ | salt | times) of brute-force cracking by intruders ). "$6 $3rhg9. la $ is divided into "6" and "3rhg9. la ", the first parameter is the hash algorithm selection parameter, as mentioned in the official documentation, the second is a random string.

Python's built-in crypt algorithm can call the crypt Algorithm in glibc. We can open the crypt. py file under the lib directory in the python source file to see how python calls the crypt Algorithm in glibc:

def crypt(word, salt=None):    """Return a string representing the one-way hash of a password, with a salt     prepended.    If ``salt`` is not specified or is ``None``, the strongest    available method will be selected and a salt generated.  Otherwise,    ``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as    returned by ``crypt.mksalt()``.    """    if salt is None or isinstance(salt, _Method):        salt = mksalt(salt)    return _crypt.crypt(word, salt)

Open the crypt-entry.c file under the crypt directory in the glibc source file, we can see the code for selecting the hash algorithm based on the first three characters of the salt value:

/* Define our magic string to mark salt for MD5 encryption   replacement.  This is meant to be the same as for other MD5 based   encryption implementations.  */static const char md5_salt_prefix[] = "$1$";/* Magic string for SHA256 encryption.  */static const char sha256_salt_prefix[] = "$5$";/* Magic string for SHA512 encryption.  */static const char sha512_salt_prefix[] = "$6$";/* For use by the old, non-reentrant routines (crypt/encrypt/setkey)  */extern struct crypt_data _ufc_foobar;

Glibc2.6 is the most initial download during the test. This version does not have the sha256/sha512 algorithm corresponding to $5 $ and $6 $, only MD5, then we downloaded the latest glibc2.18 to see the two algorithms. We can guess that the shadow file is not like this in glibc2.6 and earlier linux systems. In this Ubuntu system, the gblic version is 2.11 (ldd -- version view). glibc also supports sha256/sha512. In our example, the first three characters are "$6 $". We can see that the hash algorithm used by the system is sha512. Because python calls the crypt Algorithm in glibc, it is naturally known that this algorithm in python cannot be called on the windows platform. Now, use python to write some scripts for testing:

Enter two parameters in the crypt function. One is our login password and the other is the salt value. We can see that the output result is the same as the processed password string in the shadow file.

By default, shadow files can only be accessed by the root user. Generally, users do not have access permissions. illegal intruders may obtain the original plaintext password after obtaining the file through brute force password attempts, therefore, when setting a password, users should include as many characters (uppercase and lowercase letters, numbers, and special characters) and exceed a certain length to improve system security.