$1$ vs $6$ in /etc/shadow

I recently discovered by surprise that the entries in /etc/shadow changed format in Ubuntu 8.10. It took some searching to track down what has changed and why, so I summarize my findings here.

The password hash algorithm has changed from MD5 to SHA-512, which is indicated by the $6$ prefix at the start of the hash field (the old MD5 hashes start with $1$).

In the file /etc/pam.d/common-password, there was a line like so:

password [success=1 default=ignore] pam_unix.so obscure sha512

Changing it to:

password [success=1 default=ignore] pam_unix.so obscure md5

causes newly updated passwords to assume the old $1$ format. Don’t do this without a good reason as sha512 is definitely the better algorithm, but at least now the change makes sense.
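Because the PAM option only applies to newly updated passwords, one shadow file can hold both formats at once. The following is an added example, not part of the original post, that classifies each entry by its prefix and lists the accounts still on $1$; the sample entries are constructed, their salts and hashes are placeholders, and the handling of $5$, "rounds=", "!" and "*" comes from crypt(3) and shadow(5) rather than from this page.

```python
# Added example: classify the hash scheme of each entry in shadow-format text.
# SAMPLE_SHADOW is constructed data; salts and hashes are placeholders, not real hashes.
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512"}  # crypt(3) ids

SAMPLE_SHADOW = """\
root:$6$examplesalt$PLACEHOLDERHASH:14200:0:99999:7:::
alice:$1$examplesalt$PLACEHOLDERHASH:14100:0:99999:7:::
bob:$6$rounds=5000$examplesalt$PLACEHOLDERHASH:14210:0:99999:7:::
daemon:*:14000:0:99999:7:::
carol:!$1$examplesalt$PLACEHOLDERHASH:14150:0:99999:7:::
nopass::14000:0:99999:7:::
"""

def classify(field):
    """Return the scheme name for the second field of a shadow entry."""
    if field == "":
        return "empty"                 # no password set at all
    body = field.lstrip("!")           # leading '!' marks a locked password
    if body in ("", "*"):
        return "no-login"              # account cannot log in with a password
    if body.startswith("$"):
        parts = body.split("$")        # ['', id, salt or rounds=N, ...]
        if len(parts) >= 4:
            return SCHEMES.get(parts[1], "unknown-$" + parts[1] + "$")
        return "malformed"
    return "des-or-other"              # no $id$ prefix

def audit(text):
    """Map each username to the scheme of its stored hash."""
    result = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            continue                   # skip blank or broken lines
        result[fields[0]] = classify(fields[1])
    return result

def needs_rehash(text):
    """Accounts still on $1$; they move to $6$ at the next password change."""
    return sorted(user for user, scheme in audit(text).items() if scheme == "md5")

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW).items():
        print(f"{user:8} {scheme}")
    print("still on $1$:", ", ".join(needs_rehash(SAMPLE_SHADOW)))
```

To check a real system, pass the contents of /etc/shadow (readable only by root) to audit() instead of the sample text.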
