Linux password security: hashing rounds
Password security strength typically comes from the complexity, including length, of the password itself. There is an additional security measure that can be implemented on Linux systems: hashing rounds. It does not strengthen the password itself, but improves the authentication phase. Let’s have a look in more detail.
What are hashing rounds?
A hashing algorithm does not check the actual password. Instead, the password is pulled through a mathematical function and the result is compared with a stored value. If computing that result requires more resources (the work factor), the burden on an attacker increases. In some hashing functions this work factor is expressed as hashing rounds.
More rounds increase the processing time, including the time it takes to authenticate. A normal user endures a small delay once when logging in, while an attacker encounters that delay for every single password cracking attempt. Some hashing methods have a greater resistance to so-called offline attacks: attacks on a copied password database, performed on resources under the attacker's own control.
Determining current hashing algorithm
Before making any changes, it is good to know which hashing algorithm is in use. This can be seen in the /etc/shadow file. Each line is split by a colon (:) and we are interested in the second field, the one directly after the username. This second field is itself split into columns, but this time the separator is a dollar sign ($).
We can query the shadow information using the getent command and show a particular user:
# getent shadow test1
test1:$y$j9T$mYr.K6XvvNzs2gFziibUD1$BlrpAYrh5t0MFjbe.W8WJO2gWzkb9V6kWuGIu74tBg7:20062:0:99999:7:::
To simplify this output a little, we can use awk to extract only the entries that have a password hash, and column to turn the output into a table.
# getent shadow | awk -F: '$2 ~ /^\$/' | column --table --separator :$
test1 y j9T mYr.K6XvvNzs2gFziibUD1 BlrpAYrh5t0MFjbe.W8WJO2gWzkb9V6kWuGIu74tBg7 20062 0 99999 7
test2 y j9T mcWzdGP7ACjHzLonVuGvO/ AYFX0qOItF0cbcSR2ay9MAXj0uUlED1GVHkp9hMu2zA 20062 0 99999 7
test3 y j9T uf65A1fRAvZqAT7cVItuf. yQa8j9qpVnQKMhnu9x8Rnnu0Q8r1v0VfMu.MIgnvMHB 20062 0 99999 7
In this case we see the value ‘y’ in the second column, which refers to yescrypt. For the full list of methods, have a look at the article on password security with the /etc/shadow file.
Configuration using /etc/login.defs
SHA-256 and SHA-512
Requires ENCRYPT_METHOD set to SHA256 or SHA512 in /etc/login.defs.
Define the setting SHA_CRYPT_MIN_ROUNDS. By default this setting is 5000; for modern systems, higher values are advised.
The number of rounds can also be defined in PAM. When using both, ensure that both have a similar configuration.
Yescrypt
Requires ENCRYPT_METHOD set to YESCRYPT in /etc/login.defs.
With yescrypt, there is a cost factor involved, which is similar to rounds. If your Linux distribution supports it, you will find the option YESCRYPT_COST_FACTOR in /etc/login.defs.
To confirm that the change is working, update the password of a user. Then have a look at the third column in the output above. The value j9T refers to the default of 5 rounds; jAT = 6 rounds, jBT = 7 rounds, jCT = 8 rounds, jDT = 9 rounds, jET = 10 rounds, jFT = 11 rounds.
Not all Linux distributions support YESCRYPT_COST_FACTOR at this moment, so in that case try the ‘rounds’ option in PAM.
Configuration PAM
Linux typically has PAM available. Common file locations:
- /etc/pam.d/common-password
- /etc/pam.d/system-auth
Look for the line that starts with password and uses the pam_unix.so module.
Example line:
password [success=1 default=ignore] pam_unix.so obscure yescrypt rounds=8
This line needs to be extended with ‘rounds=NUMBER’. In this example rounds is set to 8, which is equal to a cost factor of 8 (valid options: 1-11).
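Raising SHA_CRYPT_MIN_ROUNDS or the yescrypt cost factor only affects hashes created after the change, so existing accounts keep their old hash until the next password change. The following audit script is an added example (not part of the article) that parses the second /etc/shadow field as described above, maps the yescrypt parameter string to a cost factor using the j9T–jFT values listed on this page, and reports which accounts still need a password change; it runs on constructed sample lines, where only the test1 entry is taken from the article.

```python
import re

# yescrypt parameters live in the field after "$y$"; the page lists these
# values for cost factor 5 (the default) through 11.
YESCRYPT_COST = {"j9T": 5, "jAT": 6, "jBT": 7, "jCT": 8, "jDT": 9, "jET": 10, "jFT": 11}
SHA_CRYPT_DEFAULT_ROUNDS = 5000   # used when a $5$/$6$ hash carries no rounds=
METHOD_NAMES = {"1": "md5", "5": "sha256", "6": "sha512", "y": "yescrypt"}


def parse_hash(field):
    """Return (method, cost) for the second /etc/shadow field; cost is the
    SHA-crypt round count, the yescrypt cost factor, or None."""
    if not field.startswith("$"):
        return ("none", None)          # "*", "!", empty: no password hash
    parts = field.split("$")           # leading "$" gives an empty parts[0]
    method = METHOD_NAMES.get(parts[1], "unknown")
    if method in ("sha256", "sha512"):
        m = re.fullmatch(r"rounds=(\d+)", parts[2])
        return (method, int(m.group(1)) if m else SHA_CRYPT_DEFAULT_ROUNDS)
    if method == "yescrypt":
        return (method, YESCRYPT_COST.get(parts[2]))
    return (method, None)


def audit_shadow(text, min_sha_rounds, min_yescrypt_cost):
    """Return (user, method, cost, needs_rehash) per line; needs_rehash means the
    stored hash is weaker than the policy, so it only improves on a password change."""
    results = []
    for line in filter(None, text.splitlines()):
        user, field = (line.split(":") + [""])[:2]
        method, cost = parse_hash(field)
        if method in ("sha256", "sha512"):
            weak = cost < min_sha_rounds
        elif method == "yescrypt":
            weak = cost is None or cost < min_yescrypt_cost
        else:
            weak = method in ("md5", "unknown")   # locked accounts: nothing to rehash
        results.append((user, method, cost, weak))
    return results


# Constructed sample in /etc/shadow format: test1 is the page's own entry,
# the other salts and hashes are placeholders.
SAMPLE_SHADOW = """\
test1:$y$j9T$mYr.K6XvvNzs2gFziibUD1$BlrpAYrh5t0MFjbe.W8WJO2gWzkb9V6kWuGIu74tBg7:20062:0:99999:7:::
carol:$y$jCT$SALTPLACEHOLDER$HASHPLACEHOLDER:20062:0:99999:7:::
alice:$6$rounds=100000$SALTPLACEHOLDER$HASHPLACEHOLDER:20062:0:99999:7:::
bob:$6$SALTPLACEHOLDER$HASHPLACEHOLDER:20062:0:99999:7:::
root:*:20062:0:99999:7:::
"""
for user, method, cost, weak in audit_shadow(SAMPLE_SHADOW, 50000, 8):
    print(f"{user:6} {method:9} {str(cost):7} {'REHASH' if weak else 'ok'}")
```

On a real system, feed it the output of getent shadow (as root) and pass the minimums you configured in /etc/login.defs or PAM; every account marked REHASH still carries a hash made with the older, weaker setting.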