How to display hashing algorithm on your Linux system for user authentication
On some Linux distributions, you can use:
$ authconfig — test | grep hashing
But it doesn’t always work; here are some other ways to get the hashing algorithm:
From PAM (Linux Pluggable Authentication Modules):
$ cat /etc/pam.d/common-password | grep -i ^password | grep -v # | grep -i pam_unix.so | grep -i success | awk ‘END {print $NF}’
From the default parametres for user account creation (/etc/login.defs):
$ cat /etc/login.defs | grep ENCRYPT_METHOD | grep -v # | awk ‘{print $2}’
You can also see in the /etc/shadow file what type of hashing algorithm is used for a user’s password:
$ sudo cat /etc/shadow | grep root | awk -F “:” ‘{ print $2 }’ | awk -F “$” ‘{print $2}’
The number that is returned refers to one of these algorithms:
- $1 = MD5 hashing algorithm
- $2 = Blowfish algorithm is in use
- $2a = Eksblowfish algorithm
- $5 = SHA-256 algorithm
- $6 = SHA-512 algorithm
Extra tip, if you want the name to be the same case you can pipe the return value with:
$ […] | tr ‘[:upper:]’ ‘[:lower:]’
— or —
$ […] | tr ‘[A-Z]’ ‘[a-z]’