If you have ever wondered where and how user passwords are stored in the Linux file system, this post will answer most of your questions. Below we discuss password hashing on Ubuntu, but many other Linux distributions follow the same pattern. The text assumes basic familiarity with hash functions such as MD5 or SHA-256.
Hashed not Encrypted
On Linux, passwords are not stored by encrypting them with some secret key; instead, a hash of the password is stored. So you need not worry about a key getting compromised, nor about the file that actually stores the (hashed) passwords being stolen.
To make storage more secure, passwords are hashed with a salt. A salt is just a random string that is generated when you create the password. This helps prevent rainbow table attacks.
Password File Location and Content
Ubuntu stores password content in the file /etc/shadow. Only the root user can write to this file. Along with the hashed password, this file also stores the username, the date of the last password change, the expiry date etc., in colon (:) separated format. We will focus on the second field, i.e. the salt together with the hashed password.
$ sudo cat /etc/shadow
techmonger:$6$ABCD1234$JnCx/.NCi4315V0AONxuVpUIRvPivoQjLzY0M28iYkOJU/FwVhXE4Me2f72fldvGEOpnTAB7IuVrsVfwpT/XT/:38478:0:99999:5:::
This line stores the salt along with the password hash. The strings between the $ signs mean the following.
$6$ABCD1234$JnCx/.NCi4315V0AONxuVpUIRvPivoQjLzY0M28iYkOJU/FwVhXE4Me2f72fldvGEOpnTAB7IuVrsVfwpT/XT/
| Value | Explanation |
|---|---|
| $6$ | The value between the first two $ signs identifies the hashing algorithm. Here the number 6 means SHA-512 was used. |
| $ABCD1234$ | The value between the second and third $ signs is the salt string used for hashing. |
| $JnCx/.NCi4315V0AONxuVpUIRvPivoQjLzY0M28iYkOJU/FwVhXE4Me2f72fldvGEOpnTAB7IuVrsVfwpT/XT/ | The value after the third $ sign is the actual hashed password. |
Regenerating Hashed Password in Python
The stored password hash is generated using crypt(3). Python's crypt module wraps the same routine, so you can use it to regenerate the hash from the password and the stored salt. Note that the password used for the user techmonger in this example is hunter2.
>>> import crypt
>>> password="hunter2"
>>> hashing_scheme_with_salt="$6$ABCD1234$"
>>> crypt.crypt(password, hashing_scheme_with_salt)
'$6$ABCD1234$JnCx/.NCi4315V0AONxuVpUIRvPivoQjLzY0M28iYkOJU/FwVhXE4Me2f72fldvGEOpnTAB7IuVrsVfwpT/XT/'
In the example above you can see that the value produced by hashing the password hunter2 with the salt ABCD1234 using SHA-512 is the same as the one present in the file /etc/shadow.
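The same regeneration step, turned into a small verifier that parses a shadow line, decodes the $id$salt$hash field (including the optional rounds=N parameter and the yescrypt id used by newer Ubuntu releases) and checks a candidate password in constant time. This is an added example, not code from the original post; the function names are my own, the sample line is constructed from the entry shown above, and the crypt module it relies on is deprecated in Python 3.11 and removed in 3.13, so on such interpreters only the parsing part runs.

```python
import hmac

# crypt(3) identifiers seen in the second field of /etc/shadow
CRYPT_IDS = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}

try:
    import crypt  # deprecated in Python 3.11, removed in 3.13
    CRYPT_AVAILABLE = True
except ImportError:
    CRYPT_AVAILABLE = False

# Constructed sample line in /etc/shadow format, using the hash from the post.
SAMPLE_LINE = ("techmonger:$6$ABCD1234$JnCx/.NCi4315V0AONxuVpUIRvPivoQjLzY0M28iYkOJU/"
               "FwVhXE4Me2f72fldvGEOpnTAB7IuVrsVfwpT/XT/:38478:0:99999:5:::")


def parse_shadow_line(line):
    """Split a shadow line into its fields and decode the $id[$rounds=N]$salt$hash field."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("shadow line must have 9 colon-separated fields")
    entry = {"user": fields[0], "stored": fields[1], "last_change_days": fields[2]}
    stored = fields[1]
    # Empty, '*' or a leading '!' means no usable hash: the account is locked.
    if stored == "" or stored.startswith(("*", "!")):
        entry["locked"] = True
        return entry
    parts = stored.split("$")  # ['', id, (optional params), salt, hash]
    if len(parts) < 4 or parts[0] != "":
        raise ValueError("unsupported hash format: " + stored)
    entry["algorithm"] = CRYPT_IDS.get(parts[1], "unknown(" + parts[1] + ")")
    params = parts[2:-2]  # e.g. ['rounds=5000'] for sha-crypt, ['j9T'] for yescrypt
    entry["rounds"] = None
    if params and params[0].startswith("rounds="):
        entry["rounds"] = int(params[0].split("=", 1)[1])
    entry["salt"], entry["hash"], entry["locked"] = parts[-2], parts[-1], False
    return entry


def verify_password(candidate, stored):
    """Recompute the hash with the stored setting string and compare in constant time."""
    if not CRYPT_AVAILABLE:
        raise RuntimeError("crypt module is not available on this Python")
    # Passing the whole stored value as the setting reuses its id, params and salt.
    recomputed = crypt.crypt(candidate, stored)
    return hmac.compare_digest(recomputed, stored)
```

Because the stored value is reused as the setting string, the same two functions work unchanged for entries produced with rounds=N or with yescrypt, as long as the system libcrypt supports them.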
Conclusion
Above we have seen how passwords are stored on Linux-like systems and how the hashed password can be regenerated with a few lines of Python. Storing passwords this way is very secure, and recovering the actual password from the stored hash is impossible*.