Lukas Z's Blog

On Programmatically Checking Linux-passwords

Klaus Trainer has just posted a short article on how to write a short program, that checks usernames and passwords on a Linux machine.

I was at first confused why it works, since there was no salt. But in fact it’s there, inside the entry in /etc/shadow.

Here’s the format:


So for example if we have a row like this:


Then the 6 means that SHA512 was used, and qUgyc2fC is the salt.

P.S.: You can follow me on Twitter.