Recognising Password Hashes
https://hashcat.net/wiki/doku.php?id=example_hashes
Linux Passwords
Password hashes are stored in /etc/shadow, which is normally only readable by root. They used to be stored in /etc/passwd, which was readable by everyone.
The encrypted password field contains the hashed passphrase with four components: prefix (algorithm id), options (parameters), salt, and hash. It is saved in the format $prefix$options$salt$hash. The prefix makes it easy to recognise Unix and Linux-style passwords; it specifies the hashing algorithm used to generate the hash.
Here’s a quick table of some of the most common Unix-style password prefixes you might encounter. They are listed in order of decreasing strength. You can read more about them by checking the man page with man 5 crypt.
| Prefix | Algorithm |
|---|---|
| $y$ | yescrypt is a scalable hashing scheme and is the default and recommended choice in new systems |
| $gy$ | gost-yescrypt uses the GOST R 34.11-2012 hash function and the yescrypt hashing method |
| $7$ | scrypt is a password-based key derivation function |
| $2b$, $2y$, $2a$, $2x$ | bcrypt is a hash based on the Blowfish block cipher, originally developed for OpenBSD but supported on recent versions of FreeBSD, NetBSD, Solaris 10 and newer, and several Linux distributions |
| $6$ | sha512crypt is a hash based on SHA-2 with 512-bit output, originally developed for GNU libc and commonly used on (older) Linux systems |
| $md5 | SunMD5 is a hash based on the MD5 algorithm, originally developed for Solaris |
| $1$ | md5crypt is a hash based on the MD5 algorithm, originally developed for FreeBSD |
$prefix$options$salt$hash
In the example above, we have four parts separated by $:
- y indicates the hash algorithm used, yescrypt
- j9T is a parameter passed to the algorithm
- 76UzfgEM5PnymhQ7TlJey1 is the salt used
- /OOSg64dhfF.TigVPdzqiFang6uZA4QA1pzzegKdVm4 is the hash value
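An added example (not from the original page): a small Python parser that applies the prefix table and the four-part split above to shadow-style lines, covering entries where the options segment is omitted and bcrypt's layout, where salt and hash share one segment. The function names, the WEAK set and the sample lines are assumptions constructed for illustration; the alice entry is assembled from the four parts listed above.

```python
# Added example, not from the original page. Prefix table copied from the list above.
PREFIXES = {
    "y": "yescrypt", "gy": "gost-yescrypt", "7": "scrypt",
    "2b": "bcrypt", "2y": "bcrypt", "2a": "bcrypt", "2x": "bcrypt",
    "6": "sha512crypt", "md5": "SunMD5", "1": "md5crypt",
}
WEAK = {"SunMD5", "md5crypt"}  # assumption: flag the MD5-based schemes for migration

def parse_field(field):
    """Split one shadow password field into scheme, options, salt and hash."""
    if not field or field[0] in "!*":
        return {"scheme": None, "note": "locked or empty, no usable hash"}
    if not field.startswith("$"):
        return {"scheme": None, "note": "no $prefix$, unrecognised format"}
    parts = field[1:].split("$")
    scheme = PREFIXES.get(parts[0])
    if scheme is None or len(parts) < 3:
        return {"scheme": None, "note": "unknown prefix or truncated field"}
    if scheme == "bcrypt":
        # bcrypt: $2b$cost$ followed by 22 salt chars and 31 hash chars, unseparated
        options, salt, digest = parts[1], parts[2][:22], parts[2][22:]
    elif len(parts) == 3:
        # options segment omitted, e.g. $6$salt$hash or $1$salt$hash
        options, salt, digest = "", parts[1], parts[2]
    else:
        options, salt, digest = parts[1], parts[2], parts[3]
    return {"scheme": scheme, "options": options, "salt": salt,
            "hash": digest, "weak": scheme in WEAK}

def audit(shadow_text):
    """Return {user: parsed password field} for shadow-style lines."""
    report = {}
    for line in shadow_text.strip().splitlines():
        user, field = line.split(":")[:2]
        report[user] = parse_field(field)
    return report

# Constructed sample: alice uses the parts listed above, the rest are dummy values.
SAMPLE = "\n".join([
    "alice:$y$j9T$76UzfgEM5PnymhQ7TlJey1$/OOSg64dhfF.TigVPdzqiFang6uZA4QA1pzzegKdVm4:19000:0:99999:7:::",
    "bob:$6$rounds=5000$DUMMYSALT$DUMMYHASH:19000:0:99999:7:::",
    "carol:$1$DUMMYSLT$DUMMYHASH:19000:0:99999:7:::",
    "dave:$2b$12$" + "S" * 22 + "H" * 31 + ":19000:0:99999:7:::",
    "svc:*:19000:0:99999:7:::",
])

if __name__ == "__main__":
    for user, info in audit(SAMPLE).items():
        print(user, info)
```

Entries reported with weak set to True are the ones to prioritise for rehashing under a stronger scheme at the next password change.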
MS Windows Passwords