In the /etc/shadow file, passwords are stored as hashed values rather than plain-text. This means that the actual password is transformed into a fixed-length string using a cryptographic hashing algorithm. The hashed password is then stored in the second field of each user's entry in the file.
The format of the hashed password typically includes:
- Hashing Algorithm Identifier: This indicates which hashing algorithm was used (e.g., $1$ for MD5, $6$ for SHA-512).
- Salt: A random value added to the password before hashing to ensure that identical passwords produce different hashes. This helps protect against precomputed hash attacks (rainbow tables).
- Hash: The resulting hashed value of the password combined with the salt.
An example entry in the /etc/shadow file might look like this:
username:$6$saltsalt$hashedpassword:...
In this example:
- $6$ indicates that the SHA-512 algorithm was used.
- saltsalt is the salt value.
- hashedpassword is the resulting hash of the password combined with the salt.
When a user attempts to log in, the system hashes the entered password using the same algorithm and salt, then compares the resulting hash to the stored hash in the /etc/shadow file to verify the password.
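The following is an added example, not part of the original text: it parses a shadow entry into its identifier, salt and hash components, recomputes the $6$ (SHA-512 crypt) hash for a candidate password exactly as the login check described above does, and compares it with the stored value. The SHA-512 crypt routine is a from-scratch implementation of Drepper's SHA-crypt specification (the scheme glibc's crypt() uses for $6$), and the sample shadow lines are constructed here; the hash in them is the specification's published test vector for the password "Hello world!" with salt "saltstring". Locked entries (a leading ! or *) are refused rather than verified.

```python
import hashlib
import hmac

# Crypt-style base64 alphabet (not RFC 4648) used by $1$/$5$/$6$ hashes.
_B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Hash identifiers commonly seen in the second field of /etc/shadow.
ALGORITHMS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}


def _b64_from_24bit(b2, b1, b0, n):
    """Emit n crypt-base64 characters from a 24-bit word, low 6 bits first."""
    w, out = (b2 << 16) | (b1 << 8) | b0, ""
    for _ in range(n):
        out += _B64[w & 0x3F]
        w >>= 6
    return out


def _encode_sha512(d):
    """Byte permutation plus base64 that glibc applies to the final digest."""
    out = ""
    for k in range(21):
        i, j, m = k, k + 21, k + 42          # triples (k, k+21, k+42), rotated by k mod 3
        if k % 3 == 1:
            i, j, m = j, m, i
        elif k % 3 == 2:
            i, j, m = m, i, j
        out += _b64_from_24bit(d[i], d[j], d[m], 4)
    return out + _b64_from_24bit(0, 0, d[63], 2)


def sha512_crypt(password, setting):
    """SHA-512 crypt ($6$) per Drepper's SHA-crypt spec. `setting` is the stored
    prefix, e.g. "$6$saltsalt" or "$6$rounds=10000$saltsalt"; the salt is cut
    at 16 characters, as glibc does."""
    if not setting.startswith("$6$"):
        raise ValueError("only $6$ settings are handled here")
    rest, rounds, custom = setting[3:], 5000, False
    if rest.startswith("rounds="):
        spec, _, rest = rest.partition("$")
        rounds, custom = max(1000, min(int(spec[7:]), 999_999_999)), True
    salt = rest.split("$", 1)[0][:16].encode()
    key = password.encode()
    # Digest B = H(key+salt+key); digest A = H(key+salt+B-pattern+length-pattern).
    b = hashlib.sha512(key + salt + key).digest()
    a = hashlib.sha512(key + salt)
    a.update(b * (len(key) // 64) + b[: len(key) % 64])
    n = len(key)
    while n:
        a.update(b if n & 1 else key)
        n >>= 1
    a = a.digest()
    # P and S: digests of the repeated key/salt, cut to the key/salt length.
    dp = hashlib.sha512(key * len(key)).digest()
    p = dp * (len(key) // 64) + dp[: len(key) % 64]
    ds = hashlib.sha512(salt * (16 + a[0])).digest()
    s = ds * (len(salt) // 64) + ds[: len(salt) % 64]
    # Cost loop (5000 rounds by default) mixing P, S and the running digest.
    c = a
    for i in range(rounds):
        h = hashlib.sha512(p if i & 1 else c)
        if i % 3:
            h.update(s)
        if i % 7:
            h.update(p)
        h.update(c if i & 1 else p)
        c = h.digest()
    prefix = "$6$" + (f"rounds={rounds}$" if custom else "") + salt.decode() + "$"
    return prefix + _encode_sha512(c)


def parse_shadow_entry(line):
    """Split one /etc/shadow line into user, lock state and hash components."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow entry")
    user, pw = fields[0], fields[1]
    entry = {"user": user, "locked": pw.startswith(("!", "*"))}
    pw = pw.lstrip("!")
    if pw.startswith("$") and pw.count("$") >= 3:
        parts = pw.split("$")                # ['', id, (rounds=N,) salt, hash]
        entry.update(id=parts[1], algorithm=ALGORITHMS.get(parts[1], "unknown"),
                     salt=parts[-2], hash=parts[-1], setting=pw.rsplit("$", 1)[0])
    return entry


# Constructed sample file; the hash is the SHA-crypt spec's test vector for
# "Hello world!" with salt "saltstring". bob is locked, daemon has no password.
_VECTOR = ("$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI6"
           "8u4OTLiBFdcbYEdFCoEOfaS35inz1")
SAMPLE_SHADOW = [
    "alice:" + _VECTOR + ":19500:0:99999:7:::",
    "bob:!" + _VECTOR + ":19500:0:99999:7:::",
    "daemon:*:19500:0:99999:7:::",
]


def verify_password(user, candidate, shadow_lines=None):
    """Recompute the hash with the stored salt/setting and compare in constant time."""
    for line in SAMPLE_SHADOW if shadow_lines is None else shadow_lines:
        entry = parse_shadow_entry(line)
        if entry["user"] != user:
            continue
        if entry["locked"] or entry.get("id") != "6":
            return False
        recomputed = sha512_crypt(candidate, entry["setting"])
        return hmac.compare_digest(recomputed, entry["setting"] + "$" + entry["hash"])
    return False
```

verify_password("alice", "Hello world!") returns True and any other candidate returns False; the locked bob entry and the password-less daemon entry are refused without hashing anything. Only the $6$ scheme is implemented; entries with another identifier fall through to False rather than being misverified, which is the safe failure mode for a checker that does not understand a scheme.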
