Re: password hash in shadow file
tomas@tuxteam.de wrote:
> On Tue, Mar 13, 2018 at 05:25:18PM +0100, Sven Hartge wrote:
>> Adam Weremczuk <adamw@matrixscience.com> wrote:
>>> I think it was me invoking "passwd" as root and aborting (ctrl+D)
>>> without making any changes. Would that be enough to update the
>>> shadow file?
>> No.
>>
>> You can't reverse a hash and to generate a new hash the code needs
>> the password for the user in plain.
> Well, to be fair, the change to SHA-1 is because you can "reverse" MD5
> all too easily
Yes, basically.
> But I don't think your operating system is going to do that behind
> your back ;-)
It would be quite obvious when just starting "passwd" takes several days
while it cracks your MD5 hash to replace it with a stronger one ;)
But on that note: I wonder if one could create a PAM module which will
do just that on successful login. Once you *know* you have the right
password (and the PAM system has that knowledge including the plain text
password the user entered) just rehash it and update /etc/shadow.
This will gradually upgrade all hashes once a user uses an account.
S°
--
Sigmentation fault. Core dumped.
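
The rehash-on-successful-login idea from the message above, as an added sketch that is not part of the original post and not a real PAM module. Assumptions: a dict stands in for /etc/shadow, and the `$scheme$salt$digest` layout with its two schemes (one salted MD5 pass, PBKDF2-SHA512) is a constructed stand-in for the crypt(3) formats.

```python
import hashlib, hmac, os

TARGET = "pbkdf2-sha512"          # scheme every entry should end up on
ROUNDS = 100_000                  # constructed work factor for this sketch

def _digest(scheme, salt, password):
    """Compute the hex digest for one of the two stand-in schemes."""
    pw = password.encode()
    if scheme == "md5":           # legacy stand-in: one salted MD5 pass
        return hashlib.md5(salt + pw).hexdigest()
    if scheme == TARGET:
        return hashlib.pbkdf2_hmac("sha512", pw, salt, ROUNDS).hex()
    raise ValueError(f"unknown scheme {scheme!r}")

def make_hash(scheme, password, salt=None):
    """Return a '$scheme$salt$digest' field (constructed, not crypt(3) format)."""
    salt = salt or os.urandom(16)
    return f"${scheme}${salt.hex()}${_digest(scheme, salt, password)}"

def verify(field, password):
    """Constant-time check of a password against a stored field."""
    try:
        _, scheme, salt_hex, digest = field.split("$")
        candidate = _digest(scheme, bytes.fromhex(salt_hex), password)
    except ValueError:            # locked ('!', '*'), malformed or unknown entry
        return False
    return hmac.compare_digest(candidate, digest)

def login(shadow, user, password):
    """Authenticate; on success, upgrade a legacy hash in place.

    Returns (authenticated, upgraded). A failed login never writes.
    """
    field = shadow.get(user)
    if field is None or not verify(field, password):
        return False, False
    if field.split("$")[1] == TARGET:
        return True, False        # already on the target scheme
    shadow[user] = make_hash(TARGET, password)   # plaintext is known only here
    return True, True

# Constructed sample table: one legacy entry, one locked account.
SHADOW = {"adam": make_hash("md5", "correct horse"), "daemon": "*"}
```

The upgrade is written only after the old hash has verified, so a wrong password or a locked entry leaves the stored field untouched, and accounts that never log in keep their legacy hash.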