Logging into sudo with a hashed password

linux login sudo
5,180

That would defeat the purpose of storing the hashed password.

I'm sure you know, but just in case the idea behind hashing is pretty simple -- you find a function which is easy to calculate in one direction but incredibly difficult to calculate in the other direction. Let's call that function hash.

Now, when you first create your password, say hunter2 the system will run hash('hunter2') and store the result in the shadow file.

Then when you log into the system you claim that your password is hunter4 and the system checks this by comparing hash('hunter4') to the value stored in the shadow file. If the hashes are equal system will let you log on, if they're not then the system will deny you.

The advantage to this is that even if someone manages to get access to your shadow file, they still don't know your password and can't log on as you because although they know the hash, it's incredibly difficult to determine the password that produced this hash.

In short, no the hash stored in /etc/shadow is not and can not be used as a substitute for a users password.

Share:
5,180

Related videos on Youtube

user3119546
Author by

user3119546

Updated on September 18, 2022

Comments

  • user3119546
    user3119546 over 1 year

    I am curious as to whether or not I can pass the sudo password prompt the hashed sha512(?) password and log in to root that way. So it might look something like this:

    [user@device ~]$ sudo su -
[sudo] password for user: 'some hashed password from shadow file'

    Is this possible? If so, is there an easy way to get this hashed password?

  • user3119546
    user3119546 almost 9 years
    thanks, basically I want to call a file with sudo but I dont want to be echoing a plaintext password over the network. Suggestions?
  • ztk
    ztk almost 9 years
    Use ssh (or any other encrypted protocol) for the network connection, that will prevent anyone from reading it in transit.
  • user3119546
    user3119546 almost 9 years
    This makes complete sense, and it is what I expected. I am simply trying to call a command with sudo without having to 'echo' the password on the network. Thoughts on how I could go about doing this in a more secure fashion? I thought that maybe I could pass the hash as the 'password' and then they could compare the result of me running 'hash('hunter2')' to the stored has in the shadow file. But I understand why they want to eliminate that option if someone unauthorized gains access to the shadow file.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Unable to Unlock Account on Ubuntu 18.04 - "Account locked due to 50 failed logins"
How to login as root from Bash and do stuff
Why su to root instead of logging in as root?
sudo: no tty present and no askpass program specified When useing shell_exec
Login script using Python and SQLite
Regex in Sudoers File?
sudo: command not found
How to execute a command on behalf of a user if login is denied
Android Debug Bridge (adb) command line tool exists in $PATH, but "command not found" in linux
10 second delay between login and shell prompt.