Which is the encryption method used on /etc/shadow?

Question

Which is the encryption method used on /etc/shadow on GNU/Linux systems? I would like to write a small program for personal purpose that uses the same API, but at the moment I don't know where to start.

Thanks in advance

Answer 1

Use the crypt(3) function. On glibc, the method used depends on the salt, if it starts with:

• $1$: it uses MD5.
• $5$: it uses SHA-256.
• $6$: it uses SHA-512.
• $2a$: it uses blowfish, not supported everywhere.
• Otherwise it uses DES.

Answer 2

Multiple encryption methods are available in glibc, see man 3 crypt, the Glibc Notes section: http://manpages.courier-mta.org/htmlman3/crypt.3.html

When verifying an existing password, just pass the encrypted form as salt; only the initial $id$salt part will be used. When creating new password, initialize id with whatever you need and put some random characters in salt.