I have the working password and can see the hash (/etc/passwd). How do I find the hashing algorithm used to hash the password, without manually trying different algorithms until I find a match?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
This is documented in crypt(3)’s manpage, which you can find via shadow(5)’s manpage, or passwd(5)’s. Those links are appropriate for modern Linux-based systems; the description there is:
If salt is a character string starting with the characters “$id$”
followed by a string optionally terminated by “$”, then the result
has the form:$id$salt$encryptedid identifies the encryption method used instead of DES and this then
determines how the rest of the password string is interpreted. The
following values of id are supported:ID | Method ───────────────────────────────────────────────────────── 1 | MD5 2a | Blowfish (not in mainline glibc; added in some | Linux distributions) 5 | SHA-256 (since glibc 2.7) 6 | SHA-512 (since glibc 2.7)
Blowfish, also known as bcrypt, is also identified by prefixes 2, 2b, 2x, and 2y (see PassLib’s documentation).
So if a hashed password is stored in the above format, you can find the algorithm used by looking at the id; otherwise it’s crypt’s default DES algorithm (with a 13-character hash), or “big” crypt’s DES (extended to support 128-character passwords, with hashes up to 178 characters in length), or BSDI extended DES (with a _ prefix followed by a 19-character hash).
Some distributions use libxcrypt which supports and documents quite a few more methods:
y: yescryptgy: gost-yescrypt7: scryptsha1: sha1cryptmd5: SunMD5
Other platforms support other algorithms, so check the crypt manpage there. For example, OpenBSD’s crypt(3) only supports Blowfish, which it identifies using the id “2b”.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0