Password Hash

Password hashes can be stored instead of the passwords themselves. A password hash is generated from the password using a hash algorithm. This works in one direction only: the hash cannot be converted back into the password, but whoever knows the password can recreate the hash.

Using one of the most common passwords, 1234, a hash can be created as follows

openssl passwd 1234

This uses the crypt algorithm; see man openssl passwd for the other algorithms. -6 uses the more modern SHA512 algorithm.

openssl passwd -6 1234

If this command is repeated, a different hash appears each time. The reason is that the hash gets salted. If it were not salted, the hashes of the most used passwords would be known, and with them the passwords.

The salt is just a string and can be passed as follows

openssl passwd -6 -salt mysalt 1234

Important

Use single quotes, otherwise the shell might interpret characters such as $.

openssl passwd -6 -salt 'mysalt' '1234'

Looking at the output shows that the $ character is used as a separator. The 6 indicates the SHA512 algorithm, then the salt appears and finally the hash.

$6$mysalt$boQMc5bsWsaSCQ.ukZn3g3zXUATbUBnZOl31N3jM1rW310lW5lqAKfqs0C2uZ1ezujH.7bI1yAERAQr30PSIs0

Note

The salt is considered to be public and can therefore be stored together with the hash.

The Linux encrypted password file /etc/shadow holds the password hashes in exactly the same format.
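As an added example (not part of the original page and not code from the openssl project), the following POSIX shell script shows the other half of the story: how a stored $6$salt$hash string is checked later. The salt is read back from the stored string, the hash is recreated from the candidate password with that salt, and the two strings are compared. The function names make_hash, salt_of and verify_password are assumptions of this example; the password is fed to openssl through -stdin so that it does not show up in the process list the way a command-line argument would. It requires the openssl command to be installed.

```shell
#!/bin/sh
# Added example, not from the original page: create and verify sha512-crypt
# password hashes with the openssl passwd command.

# make_hash SALT PASSWORD  -> prints "$6$SALT$HASH"
# The password goes through stdin (-stdin) rather than the command line.
make_hash() {
    printf '%s\n' "$2" | openssl passwd -6 -salt "$1" -stdin
}

# salt_of HASHSTRING -> prints the salt field of a "$6$salt$hash" string.
# Splitting on "$" gives: "" | 6 | salt | hash, so the salt is field 3.
salt_of() {
    printf '%s\n' "$1" | cut -d '$' -f 3
}

# verify_password HASHSTRING PASSWORD -> exit status 0 if the password
# matches the stored hash, 1 if it does not, 2 if the string is not a
# sha512-crypt hash at all.
verify_password() {
    stored=$1
    candidate=$2
    case $stored in
        \$6\$*) ;;
        *) echo "not a sha512-crypt (\$6\$) hash" >&2; return 2 ;;
    esac
    salt=$(salt_of "$stored")
    # Recreate the hash with the public salt and compare the full string.
    recomputed=$(make_hash "$salt" "$candidate")
    [ "$recomputed" = "$stored" ]
}

# Demo with the salt and password used on this page.
h=$(make_hash mysalt 1234)
echo "stored hash: $h"
verify_password "$h" 1234 && echo "1234 accepted"
verify_password "$h" 4321 || echo "4321 rejected"
```

The stored string carries everything the verifier needs except the password itself, which is why the salt can live next to the hash (as /etc/shadow does). The string comparison with [ is not constant-time; a real login program compares hashes with a constant-time routine so that the time taken does not leak how many leading characters matched.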
