Identifying Linux Password Hash

i.hrishikesh nate
1 min readJan 26, 2021

The basic mechanism of any user account is a pair of username and password associated with that user account that can be used for getting access to a Linux machine.

The Linux Machine stores password in an encrypted format for the user account with arguments related to the specific user .

The Encrypted string is more of hash value of the user’s password. These credentials are stored in a file called /etc/shadow It contains single entry per line for each user listed in /etc/passwd file.

Each entry in /etc/passwd file represents an individual user account and contains following seven fields separated by colons (:).

username : encrypted password : UID : GID : user description : user’s home directory : user’s login shell

Example of Linux Password Hash: $6$iU9KjTeD$5myyo4W7zppTOEdVUeP8

The anatomy of the hash is defined as $id$salt$hashed

  • $id

It defines the hashing algorithm used On GNU/Linux.

  • $salt

It defines the salt value .

  • $hashed

It is the combination of salt plus the user password.


The information published in this article is only for educational purposes. The content of this article is based on learning and experience. Any misuse of information will not be the responsibility of the author.

Edits are always welcomed…!!!!



i.hrishikesh nate

Security Researcher | Application Security | Linux | Bug Hunter