admin:linux:passwords

Linux passwords

Passwords are found in /etc/passwd or /etc/shadow.

They can be generated with mkpasswd.

Change your own password with passwd.

Hashes

Generate yescrypt hash: mkpasswd -m yescrypt

Versions

If you generate a password with mkpasswd, there's a version ID enclosed in $ at the beginning before the actual hash, e.g. the $6$ in $6$9isv4eTgG8dkgV8i$mJiRv8W/wsINlwikTXoJWSyyr8yH8tBbg9nu0cOXNGquQrT0SXEDvrzLjiq33tR0M1moKPsiKk67dqVphwOH7/

Version string algorithm
$5$ sha256crypt
$6$ sha512crypt
$7$ scrypt
$y$ yescrypt
$gy$ gost-yescrypt

You shouldn't use older versions than 5. Especially passwords with MD5 ($1$) or DES hashes (no version string) have a very high collision probability and as such, are easy to crack.

For older systems (e.g. Debian before version 10), yescrypt might not be available, so you might have to downgrade to sha512crypt or even sha256crypt.

  • Last modified: 2022-08-04 09:23