change to default password hashing in PAM

Kees Cook kees at
Wed Aug 27 00:16:18 BST 2008

In the interest of staying ahead of modern cryptanalysis, Intrepid's PAM
(1.0.1-3ubuntu5) now stores new passwords with salted SHA512, rather
than the prior salted MD5 method.  Earlier password hashing schemes are
still supported as before (DES, MD5).

One thing in particular to look out for: the SHA512 password hash will
only work on systems with glibc 2.7's crypt() or newer (Hardy and newer).
So if you're in the habit of replicating password hashes from machine
to machine in some way, look out for this gotcha.  The resulting hash
is also longer, for the case that some non-system hash management code
uses a fixed-length string.

For the curious, the hashing types can be identified by their prefix.
If the string in /etc/shadow does not start with "$", it is the ancient
DES.  Otherwise, the following prefixes are recognized by glibc:
    $1$... md5
    $5$... sha256
    $6$... sha512


    des:    sa3tHJ3/KuYvI
    md5:    $1$salt$qJH7.N4xYta3aEG/dfqo/0
    sha512: $6$salt$IxDD3jeSOb5eB1CX5LBsqZFVkJdido3OUILO5Ifz5iwMuTS4XMS130MTSuDDl3aCI6WouIL9AjRbLCelDCy.g.


Kees Cook
Ubuntu Security Team

More information about the ubuntu-devel mailing list