Where can I read more about hashed string syntax?
There are two password lines:
ftO3Vf5ujoFQgpz9vG7D+paKjOnppI7IRuuvQpq7s1U=
sha256:1000:L6DlotbUNtnUv7jZ5d/vLnnzaklLWeVt:mUOt7S58/Ray8HE68OhmJc9IDZkLJmoK
There is no single standard for how passwords (and even more so - just strings) are hashed.
For example, the passwd format is described in `man 3 crypt`:
The glibc version of this function supports additional encryption algorithms.
If salt is a character string starting with the characters "$id$" followed by a string optionally terminated by "$", then the result has the form:
$id$salt$encrypted
id identifies the encryption method used instead of DES and this then determines how the rest of the password string is interpreted. The following values of id are supported:
ID | Method
───┼────────────────────────────
1  | MD5
2a | Blowfish (not in mainline glibc; added in some Linux distributions)
5  | SHA-256 (since glibc 2.7)
6  | SHA-512 (since glibc 2.7)
Thus, $5$salt$encrypted and $6$salt$encrypted contain the password encrypted with, respectively, functions based on SHA-256 and SHA-512.
"salt" stands for the up to 16 characters following "$id$" in the salt. The "encrypted" part of the password string is the actual computed password. The size of this string is fixed:
MD5 | 22 characters
SHA-256 | 43 characters
SHA-512 | 86 characters
The characters in "salt" and "encrypted" are drawn from the set [a-zA-Z0-9./]. In the MD5 and SHA implementations the entire key is significant (instead of only the first 8 bytes in DES).
Since glibc 2.7, the SHA-256 and SHA-512 implementations support a user-supplied number of hashing rounds, defaulting to 5000. If the "$id$" characters in the salt are followed by "rounds=xxx$", where xxx is an integer, then the result has the form
$id$rounds=yyy$salt$encrypted
where yyy is the number of hashing rounds actually used. The number of rounds actually used is 1000 if xxx is less than 1000, 999999999 if xxx is greater than 999999999, and is equal to xxx otherwise.
By the appearance of the hash, it is impossible to determine whether there is a salt or not, that's why it is a hash.
You can read about sha256 on the wiki.
And you can experiment with it if you download, for example, OpenSSL.
Docs on OpenSSL:
https://www.madboa.com/geek/openssl/
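As an added example (not from the thread and not glibc's code), here is a Python parser for the `$id$[rounds=N$]salt$encrypted` layout quoted from `man 3 crypt` above. It checks the id, salt length, fixed "encrypted" length, character set and rounds clamping that the excerpt describes; the `$5$`/`$6$` sample strings are constructed, not real hashes. Neither of the two lines in the question fits this layout, so the parser rejects them.

```python
import re

# Methods and fixed "encrypted" lengths from the man 3 crypt excerpt
# (2a is omitted: the excerpt lists no length for it).
METHODS = {"1": ("MD5", 22), "5": ("SHA-256", 43), "6": ("SHA-512", 86)}
FIELD = re.compile(r"[a-zA-Z0-9./]*")     # allowed characters in salt/encrypted
ROUNDS = re.compile(r"rounds=([0-9]+)")   # optional field, SHA-256/SHA-512 only
DEFAULT_ROUNDS = 5000                     # default since glibc 2.7


def clamp_rounds(requested):
    """Rounds actually used for a requested value, per the man page."""
    return max(1000, min(requested, 999_999_999))


def parse_crypt(entry):
    """Split a crypt(3) string into its fields; return None if it does not fit."""
    parts = entry.split("$")
    if len(parts) < 4 or parts[0] != "" or parts[1] not in METHODS:
        return None
    ident, rest = parts[1], parts[2:]
    method, digest_len = METHODS[ident]
    rounds = None                         # MD5 has no rounds parameter
    if ident in ("5", "6"):
        rounds = DEFAULT_ROUNDS
        m = ROUNDS.fullmatch(rest[0])
        if m:
            rounds = clamp_rounds(int(m.group(1)))
            rest = rest[1:]
    if len(rest) != 2:
        return None
    salt, encrypted = rest
    if len(salt) > 16 or len(encrypted) != digest_len:
        return None
    if not (FIELD.fullmatch(salt) and FIELD.fullmatch(encrypted)):
        return None
    return {"method": method, "rounds": rounds, "salt": salt, "encrypted": encrypted}


if __name__ == "__main__":
    samples = [
        "$5$rounds=10$saltsalt$" + "a" * 43,  # constructed; rounds clamp to 1000
        "$6$saltsalt$" + "b" * 86,            # constructed; default rounds
        "ftO3Vf5ujoFQgpz9vG7D+paKjOnppI7IRuuvQpq7s1U=",  # first line from the question
    ]
    for s in samples:
        print(s[:24], "->", parse_crypt(s))
```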