Password hash in /etc/shadow weakens the security if /home encryption is enabled


Recently I encrypted the /home folder with fscrypt. I know it uses Argon2 to derive the decryption key, and it takes about a second to do so, but I'm concerned about the password stored in /etc/shadow using SHA-512. An attacker can just brute-force the password hashed with SHA-512, which would significantly speed up the brute-forcing process. So is it possible to use a stronger hashing algorithm in /etc/shadow if I still want to use the login passphrase as my decryption password?







password encryption security home-directory






asked Apr 21 at 15:55









Ignacy Ruszpel















  • Are you sure that the hash in /etc/shadow is raw SHA-512, rather than sha512crypt ($6$)? "Just brute force" varies - bcrypt/blowfish may be your best option (via PAM?), but sha512crypt isn't terrible, especially if you're using a random passphrase with sufficient entropy, such that bruteforcing for a slow hash like sha512crypt becomes infeasible.

    – Royce Williams
    Apr 21 at 18:34
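
One way to run the check raised in the comment above: read the crypt(3) prefix of the password field to see which scheme is in use and, for sha512crypt, how many rounds it applies. This is an added example, not part of the original thread; `describe_shadow_line` is a hypothetical helper name and the sample lines are constructed, with placeholder salts and hashes.

```python
import re

# Prefixes of the crypt(3) modular format used in the /etc/shadow password field.
SCHEMES = {
    "1": "md5crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
    "y": "yescrypt",
}
SHA_CRYPT_DEFAULT_ROUNDS = 5000  # applied by $5$/$6$ when no rounds= parameter is given


def describe_shadow_line(line):
    """Return (user, scheme, work_factor) for one /etc/shadow line."""
    user, field = line.rstrip("\n").split(":")[:2]
    # A leading '!' marks a locked password; a hash may still follow it.
    hash_part = field.lstrip("!")
    if hash_part in ("", "*"):
        return user, "no-password-hash", None
    m = re.match(r"\$([^$]+)\$(.*)", hash_part)
    if not m:
        return user, "traditional-or-unknown", None
    ident, rest = m.groups()
    scheme = SCHEMES.get(ident, "unknown($%s$)" % ident)
    work = None
    if scheme in ("sha256crypt", "sha512crypt"):
        r = re.match(r"rounds=(\d+)\$", rest)
        work = int(r.group(1)) if r else SHA_CRYPT_DEFAULT_ROUNDS
    elif scheme == "bcrypt":
        work = 2 ** int(rest.split("$", 1)[0])  # cost is log2 of the iteration count
    return user, scheme, work


# Constructed sample lines; salts and hashes are placeholders, not real values.
SAMPLE = [
    "alice:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:18000:0:99999:7:::",
    "bob:$6$rounds=656000$PLACEHOLDERSALT$PLACEHOLDERHASH:18000:0:99999:7:::",
    "carol:$2b$12$PLACEHOLDERSALTANDHASH:18000:0:99999:7:::",
    "dave:!$6$PLACEHOLDERSALT$PLACEHOLDERHASH:18000:0:99999:7:::",
    "daemon:*:18000:0:99999:7:::",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(describe_shadow_line(entry))
```

On a real system the same function can be fed the lines of /etc/shadow, which requires root to read.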

















