You're looking for more detail on something we touched on a moment ago! Let's dive deeper into how Linux stores those hashed passwords.
Linux primarily stores hashed passwords in the /etc/shadow file. Here's a breakdown of how it works:
- Generation of the hash:
  - When you set a password (e.g., using the `passwd` command), Linux takes the plaintext password you type.
  - It then generates a random string of characters called a salt. This salt is unique for each user's password.
  - The plaintext password and the salt are combined and fed into a cryptographic hash function (like SHA-512, Blowfish, or sometimes MD5 on older systems).
  - The hash function computes a long, fixed-size string, which is the hashed password.
- The `/etc/shadow` file format:
  Each line in `/etc/shadow` corresponds to a user and typically looks something like this:
  `username:$id$salt$hashed_password:last_changed:min_days:max_days:warning_days:::`
  - `username`: The account's login name.
  - `$id`: This numerical ID indicates which hashing algorithm was used (e.g., `$1$` for MD5, `$5$` for SHA-256, `$6$` for SHA-512). This tells the system how to verify the password later.
  - `salt`: The unique random string added to your password before hashing. Crucially, this salt is stored right alongside the hashed password, but it's not a secret itself. Its purpose is to make each user's hash unique, even if two users have the same password, and to thwart "rainbow table" attacks.
  - `hashed_password`: This is the actual output of the hash function – your password processed through the algorithm with the salt.
  - The remaining fields are related to password aging policies (when the password was last changed, how often it must be changed, etc.).
- Security of `/etc/shadow`:
  - Unlike `/etc/passwd` (which anyone can usually read), the `/etc/shadow` file has very strict permissions. Only the `root` user and specific system processes (like the `passwd` command or the login program) can read its content. This prevents ordinary users from accessing the hashed passwords.
In summary:
Linux doesn't store your actual password. It stores a one-way hashed version of your password combined with a unique salt in the highly protected /etc/shadow file. When you try to log in, the system re-hashes your input with the stored salt and compares the result to the stored hash. This robust mechanism is designed to protect your account even if an attacker gains access to the password file itself.
Does this detailed explanation answer your question?
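As an added worked example (not part of the reply above), the following shell script builds a constructed `/etc/shadow` excerpt and checks a login exactly as described: it splits the stored `$id$salt$hash` field, re-hashes the typed password with the stored salt and algorithm, and compares. It assumes OpenSSL 1.1.1 or newer is installed, so that `openssl passwd -1`, `-5` and `-6` are available; the user names, salts and passwords are made up.

```shell
# "passwd" step: hash two constructed passwords with chosen salts
# (real passwd picks the salt randomly; fixed salts keep this reproducible).
ALICE_HASH=$(openssl passwd -6 -salt Xy7QzR2b 'correct horse')   # $6$ = SHA-512
BOB_HASH=$(openssl passwd -5 -salt k3mP9aQ1 'hunter2')           # $5$ = SHA-256

# Constructed shadow excerpt, one line per user:
# name:$id$salt$hash:last_changed:min_days:max_days:warning_days:inactive:expire:reserved
# carol's hash field is "!", which means password login is disabled.
SHADOW_DB="alice:${ALICE_HASH}:19800:0:90:7:::
bob:${BOB_HASH}:19700:0:30:7:::
carol:!:19700:0:99999:7:::"

# shadow_verify USER PASSWORD
# Prints "match", "mismatch", "locked" or "nouser"; returns 0 only on a match.
# Hashes carrying a rounds=N parameter are not handled by this simple parser.
shadow_verify() {
    user=$1
    password=$2

    # Field 2 of the matching line is the stored $id$salt$hash.
    stored=$(printf '%s\n' "$SHADOW_DB" | awk -F: -v u="$user" '$1 == u { print $2 }')
    [ -z "$stored" ] && { echo "nouser"; return 1; }

    # A leading "!" or "*" is not a hash at all: no password can ever match.
    case $stored in
        '!'*|'*'*) echo "locked"; return 1 ;;
    esac

    # Split "$6$Xy7QzR2b$..." on "$": field 2 is the algorithm id, field 3 the salt.
    id=$(printf '%s' "$stored" | cut -d'$' -f2)
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)

    # Re-hash the supplied password with the stored salt and algorithm,
    # then compare the full $id$salt$hash string with what is on file.
    recomputed=$(openssl passwd -"$id" -salt "$salt" "$password")
    if [ "$recomputed" = "$stored" ]; then
        echo "match"
        return 0
    fi
    echo "mismatch"
    return 1
}
```

Run `shadow_verify alice 'correct horse'` to see a match and `shadow_verify alice wrong` to see a mismatch; the comparison is on the whole field, so the stored algorithm id and salt must agree as well.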