Learn to identify which algorithm produced a stored password hash by inspecting the hash prefix and system authentication configuration. 20.01.2026 | reading time: 2 min You found a hashed password and want to know which algorithm created it; inspect the stored string and the authentication stack to be sure, so you can assess strength and compatibility. Inspect the shadow entry Show the stored hash for a user with `getent` and read the prefix; example command and a typical output are: ```bash $ sudo getent shadow webadmin webadmin:$6$abc123$eGf...restOfHash...:18160:0:99999:7::: ``` Here the "$6$" prefix means SHA-512; other common markers are "$5$" for SHA-256, "$1$" for MD5 and "$2y$"/"$2a$" for bcrypt; an absent prefix may indicate old DES-style crypt. Confirm system policy via PAM PAM often dictates the hashing method: grep the pam_unix lines to see options like "sha512"; example: ```bash $ grep -E "^password.*pam_unix" /etc/pam.d/* /etc/pam.d/common-password:password [success=1 default=ignore] pam_unix.so obscure sha512 ``` Also check `/etc/login.defs` for ENCRYPT_METHOD or use distribution tools like `authselect`/`authconfig` to view configured defaults. Edge cases to watch Not every account uses a local /etc/shadow hash: LDAP, SSSD or an external identity provider may hold the secret, bcrypt hashes may be provided by libxcrypt and locked accounts show `!` or `*`; when in doubt, verify both the stored prefix and the PAM/module configuration before drawing conclusions. Useful commands and practical tricks Create test hashes or verify what a given tool will do: `openssl passwd -6 'secret'` generates a SHA-512 hash, `mkpasswd --method=sha-512` on some systems does the same, and password-cracking tools like John the Ripper can help validate expected formats in a safe lab environment. Next steps for the curious admin Knowing the hash scheme is the start: harden policies, choose strong algorithms and audit accounts regularly; keep learning about Linux authentication and consider formal certification such as CompTIA Linux+ or LPIC-1, with intensive exam preparation available at bitsandbytes.academy. Join Bits & Bytes Academy First class LINUX exam preparation. security utilities troubleshooting
