MD5 and SHA512

A client was concerned that their password hash was MD5.

A check of the /etc/shadow file showed:

user:$6$UAxaIY9I$hAkj …  

The first field delimited by '$' (':' is the delimiter between shadow fields) identifies the hash scheme: 6 = SHA512 (1 = MD5)

And /etc/pam.d/common-password specifies it:

password        [success=1 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512

In this case, the client was already using SHA512, which is correct. If they were using MD5, a change to the line in the file /etc/pam.d/common-password mentioned above would be required. The next login by any user would prompt for a password change so it can be hashed with SHA512.
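
To check every account rather than a single line, the following shell functions read the '$id$' prefix described above and list the accounts whose stored hash is still MD5. This is an added example, not part of the original note; the function names (scheme_of, audit_shadow, weak_accounts) and the SAMPLE data are made up for illustration.

```shell
#!/bin/sh
# Added example. Field 2 of a shadow line (':'-separated) is "$id$salt$hash";
# the id names the scheme. Function names and SAMPLE are made up for this example.

# scheme_of FIELD: print the hash scheme of one shadow password field.
scheme_of() {
    f=$1
    # A leading '!' (or '!!') marks a locked account; the old hash follows it.
    while :; do case "$f" in '!'*) f=${f#?} ;; *) break ;; esac; done
    case "$f" in
        '$1$'*)                  echo MD5 ;;
        '$5$'*)                  echo SHA-256 ;;
        '$6$'*)                  echo SHA-512 ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo bcrypt ;;
        '$y$'*)                  echo yescrypt ;;
        ''|'*')                  echo none ;;     # no usable password hash
        *)                       echo other ;;    # e.g. legacy DES crypt
    esac
}

# audit_shadow: read shadow-format lines on stdin, print "user scheme" per line.
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(scheme_of "$field")"
    done
}

# weak_accounts: read shadow-format lines on stdin, print users still on MD5.
weak_accounts() {
    audit_shadow | awk '$2 == "MD5" { print $1 }'
}

# Constructed sample input (not real hashes).
SAMPLE='alice:$6$SALTSALT$constructedhashvalue:19000:0:99999:7:::
bob:$1$SALTSALT$constructedhashvalue:15000:0:99999:7:::
daemon:*:18000:0:99999:7:::
carol:!$1$SALTSALT$constructedhashvalue:15000:0:99999:7:::'

printf '%s\n' "$SAMPLE" | audit_shadow
echo "Still on MD5: $(printf '%s\n' "$SAMPLE" | weak_accounts | tr '\n' ' ')"
```

On a real host, run `weak_accounts < /etc/shadow` as root. An account stays in that list until its password is next changed, because the stored hash is only rewritten at that point.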