5

I am trying to get access to my eReader and I managed to get the passwd file.

root:$1$hdhxObPx$TYFuTKsB9GGIgo53rF4bi1:0:0:root:/:/bin/sh
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
nobody:*:99:99:Nobody:/:
s3c2440x::507:507:root:/:/bin/sh

I expected to see a standard hash string there or just "x" but this reminds me of something I have seen in MySQL databases, can anyone point me in the right direction please? What am I looking at?

Paŭlo Ebermann
  • 22,946
  • 7
  • 82
  • 119
nana
  • 153
  • 3

1 Answers1

6

Crypt based password hashes have several parts separated by $

  • The hash type, 1 in your case, this stands for MD5-crypt (this is not plain MD5)
  • The salt, hdhxObPx in your case
  • The actual hash TYFuTKsB9GGIgo53rF4bi1 in your case
  • Some schemes have additional parameters, such as a work-factor, but this does not apply to the scheme used in your example.

The MD5-Crypt scheme should be avoided, in favor of modern schemes, such as bcrypt (usually starting with $2a$). Not because MD5 is cryptographically broken, but because it has a constant work-factor, that's too small for the computational power modern attackers can field.

Check out crypt (C) on Wikipedia for further information.

CodesInChaos
  • 25,121
  • 2
  • 90
  • 129