-1

I saw on Which is the encryption method used on /etc/shadow? that encrypted passwords starting with $6$ uses SHA-512 encryption.

Here is an example :

$6$5l70Gupv$xBTxhCSexudn5jJ9hampIfTK0KIR3nqK1K1Rxye.OA5obtKArO7jgftjJtVSdp31MPxItEPmOuWhbgBvp0wqn.

xBTxhCSexudn5jJ9hampIfTK0KIR3nqK1K1Rxye.OA5obtKArO7jgftjJtVSdp31MPxItEPmOuWhbgBvp0wqn. is supposed to be the actual hash. 5l70Gupv being the salt.

However this does not look like a SHA-512 hash to me. Here is one generated from this site :

f8e3183d38e6c51889582cb260ab825252f395b4ac8fb0e6b13e9a71f7c10a80d5301e4a949f2783cb0c20205f1d850f87045f4420ad2271c8fd5f0cd8944be3

What am I missing here ?

shellwhale
  • 820
  • 1
  • 10
  • 34
  • 1
    The /etc/shadow hash is (modified) base64 encoded, the one from the website is hex-encoded. Please don't call this encryption, hashing and encryption are different. – President James K. Polk Jun 07 '19 at 19:26
  • 1
    Here's a [blog post](https://www.vidarholen.net/contents/blog/?p=32) explaining md5 vs md5crypt, which is the exact same issue for a different algorithm. There's also a [follow up](https://www.vidarholen.net/contents/blog/?p=33) that subsequently compares this to SHA512crypt. – that other guy Jun 07 '19 at 21:30

1 Answers1

1

You are comparing two different formats of two different algorithms.

  • The /etc/shadow hash is SHA512crypt in a customized base64 encoding.

  • The hash you calculated is a SHA-512 hash in hex notation.

They look visually different because they are formatted differently, and since the hashing algorithms are different, they can not be compared even if you use the same format for both.

that other guy
  • 116,971
  • 11
  • 170
  • 194