Password hash in /etc/shadow weakens the security if /home encryption is enabledtransparent home directory encryptionIs /home encryption useful on a server?How do I get passwords from the keyring in the terminal for usage in scripts?How to decode the hash password in /etc/shadowDoes Home Encryption used in addition to Disk Encryption increase security?How do I update shadow file password hashes after changing the encryption method?Recover/change encryption password

How to respond when insulted by a grad student in a different department?

I'm largest when I'm five, what am I?

Make Leaflet polyline bold by hover?

My name was added to manuscript as co-author without my consent; how to get it removed?

SQL server backup message

"Kept that sister of his quiet" meaning

Can you use wish to cast a level 9 spell?

Fill a bowl with alphabet soup

SSH from a shared workplace computer

Modern warfare theory in a medieval setting

What are the consequences for downstream actors of redistributing a work under a wider CC license than the copyright holder authorized?

Why is CMYK & PNG not possible?

Is consistent disregard for students' time "normal" in undergraduate research?

Suspicious crontab entry running 'xribfa4' every 15 minutes

Print the sequence

Numbering like equations for regular text

Song in C major has F# note

What powers an aircraft prior to the APU being switched on?

What causes standard door hinges to close up to a certain amount automatically?

Can you decide not to sneak into a room after seeing your roll?

Did Feynman cite a fallacy about only circles having the same width in all directions as a reason for the Challenger disaster?

What is joint estimation?

What can I do to avoid potential charges for bribery?

I didn't do any exit passport control when leaving Japan. What should I do?



Password hash in /etc/shadow weakens the security if /home encryption is enabled


transparent home directory encryptionIs /home encryption useful on a server?How do I get passwords from the keyring in the terminal for usage in scripts?How to decode the hash password in /etc/shadowDoes Home Encryption used in addition to Disk Encryption increase security?How do I update shadow file password hashes after changing the encryption method?Recover/change encryption password






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;









0

















Recently I have encrypted the /home folder with fscrypt, I know it uses Argon2 to derive the decryption key and it takes about a second to do so but I'm concerned about the password stored in /etc/shadow using SHA-512. The attacker can just brute force the password hashed with SHA-512 which would significantly speed up the brute-forcing process. So is it possible to use a stronger hashing algorithm in /etc/shadow if I still want to use the login passphrase as my decryption password?






password encryption security home-directory







share|improve this question


























  • Are you sure that the hash in /etc/shadow is raw SHA-512, rather than sha512crypt ($6$) ? "Just brute force" varies - bcrypt/blowfish may be your best option (via PAM?), but sha512crypt isn't terrible, especially if you're using a random passphrase with sufficient entropy, such that bruteforcing for a slow hash like sha512crypt becomes infeasible.

    – Royce Williams
    Apr 21 at 18:34


















0

















Recently I have encrypted the /home folder with fscrypt, I know it uses Argon2 to derive the decryption key and it takes about a second to do so but I'm concerned about the password stored in /etc/shadow using SHA-512. The attacker can just brute force the password hashed with SHA-512 which would significantly speed up the brute-forcing process. So is it possible to use a stronger hashing algorithm in /etc/shadow if I still want to use the login passphrase as my decryption password?






password encryption security home-directory







share|improve this question


























  • Are you sure that the hash in /etc/shadow is raw SHA-512, rather than sha512crypt ($6$) ? "Just brute force" varies - bcrypt/blowfish may be your best option (via PAM?), but sha512crypt isn't terrible, especially if you're using a random passphrase with sufficient entropy, such that bruteforcing for a slow hash like sha512crypt becomes infeasible.

    – Royce Williams
    Apr 21 at 18:34














0












0








0








Recently I have encrypted the /home folder with fscrypt, I know it uses Argon2 to derive the decryption key and it takes about a second to do so but I'm concerned about the password stored in /etc/shadow using SHA-512. The attacker can just brute force the password hashed with SHA-512 which would significantly speed up the brute-forcing process. So is it possible to use a stronger hashing algorithm in /etc/shadow if I still want to use the login passphrase as my decryption password?






password encryption security home-directory







share|improve this question














Recently I have encrypted the /home folder with fscrypt, I know it uses Argon2 to derive the decryption key and it takes about a second to do so but I'm concerned about the password stored in /etc/shadow using SHA-512. The attacker can just brute force the password hashed with SHA-512 which would significantly speed up the brute-forcing process. So is it possible to use a stronger hashing algorithm in /etc/shadow if I still want to use the login passphrase as my decryption password?






password encryption security home-directory




password encryption security home-directory






share|improve this question













share|improve this question











share|improve this question




share|improve this question



share|improve this question










asked Apr 21 at 15:55









Ignacy RuszpelIgnacy Ruszpel

1




1















  • Are you sure that the hash in /etc/shadow is raw SHA-512, rather than sha512crypt ($6$) ? "Just brute force" varies - bcrypt/blowfish may be your best option (via PAM?), but sha512crypt isn't terrible, especially if you're using a random passphrase with sufficient entropy, such that bruteforcing for a slow hash like sha512crypt becomes infeasible.

    – Royce Williams
    Apr 21 at 18:34


















  • Are you sure that the hash in /etc/shadow is raw SHA-512, rather than sha512crypt ($6$) ? "Just brute force" varies - bcrypt/blowfish may be your best option (via PAM?), but sha512crypt isn't terrible, especially if you're using a random passphrase with sufficient entropy, such that bruteforcing for a slow hash like sha512crypt becomes infeasible.

    – Royce Williams
    Apr 21 at 18:34

















Are you sure that the hash in /etc/shadow is raw SHA-512, rather than sha512crypt ($6$) ? "Just brute force" varies - bcrypt/blowfish may be your best option (via PAM?), but sha512crypt isn't terrible, especially if you're using a random passphrase with sufficient entropy, such that bruteforcing for a slow hash like sha512crypt becomes infeasible.

– Royce Williams
Apr 21 at 18:34






Are you sure that the hash in /etc/shadow is raw SHA-512, rather than sha512crypt ($6$) ? "Just brute force" varies - bcrypt/blowfish may be your best option (via PAM?), but sha512crypt isn't terrible, especially if you're using a random passphrase with sufficient entropy, such that bruteforcing for a slow hash like sha512crypt becomes infeasible.

– Royce Williams
Apr 21 at 18:34











0






active

oldest

votes













Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);














draft saved

draft discarded
















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1135807%2fpassword-hash-in-etc-shadow-weakens-the-security-if-home-encryption-is-enabled%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown


























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1135807%2fpassword-hash-in-etc-shadow-weakens-the-security-if-home-encryption-is-enabled%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown









-

Popular posts from this blog

Tamil (spriik) Luke uk diar | Nawigatjuun

Image
Fering ArtiikelDrawiidisk Spriiken SölringÖömrangFeringHalunderHalifreeskMooringWiringhiirderKarhiirderGooshiirderDrawiidisk SpriikTamil NaduIndienSri Lanka (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003EFersteegu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id="localNotice" lang="frr" dir="ltr"u003Eu003Cdiv id="sitenotice"u003Enu003Ccenteru003Enu003Ctable class="rahmenfarbe4" style="border-style: solid; border-width: thin; width: 70%;"u003Ennu003Ctbodyu003Eu003Ctru003Enu003Ctd style="text-align:center;"u003Eu003Ca href="/wiki/Datei:Nordfriesischeflagge.svg" class="image"u003Eu003Cimg alt="Nordfriesische
Read more

Align equal signs while including text over equalitiesAMS align: left aligned text/math plus multicolumn alignmentMultiple alignmentsAligning equations in multiple placesNumbering and aligning an equation with multiple columnsHow to align one equation with another multline equationUsing \ in environments inside the begintabularxNumber equations and preserving alignment of equal signsHow can I align equations to the left and to the right?Double equation alignment problem within align enviromentAligned within align: Why are they right-aligned?

Image
Why didn't the Universal Translator speak whale? What is /dev/null and why can't I use hx on it? The work of mathematicians outside their professional environment Does the DOJ's declining to investigate the Trump-Zelensky call ruin the basis for impeachment? Are there any tricks to pushing a grand piano? Maintaining distance Does it require less energy to reach the Sun from Pluto's orbit than from Earth's orbit? Object Oriented Design: Where to place behavior that pertains to more than one type of object? Choice of solvent during thin layer chromatography How to catch creatures that can predict the next few minutes? Use floats or doubles when writing mobile games How come the Russian cognate for the Czech word "čerstvý" (fresh) means entirely the opposite thing (stale)? What are the limits on an impeached and not convicted president? How to calculate Limit of this sequence Bash-script as linux-service won't run, but executed
Read more

Where does the image of a data connector as a sharp metal spike originate from?Where does the concept of infected people turning into zombies only after death originate from?Where does the motif of a reanimated human head originate?Where did the notion that Dragons could speak originate?Where does the archetypal image of the 'Grey' alien come from?Where did the suffix '-Man' originate?Where does the notion of being injured or killed by an illusion originate?Where did the term “sophont” originate?Where does the trope of magic spells being driven by advanced technology originate from?Where did the term “the living impaired” originate?

Image
Automatically extend a Python list to N elements if it's too short? Fired for a policy I didnt know about, as well as another false reason Why isn't tilde recognised as home folder in this case? When does an Artillerist's Cannon have disadvantage? How large should a hole be for a bolt to go through? When is TeX better than LaTeX? How to determine if drill is suitable for concrete? Huygens Lander: Why The Short Battery Life? Why do people use bigger cassettes for lower gearing when they could instead use smaller chainrings? Is there a difference between downloading / installing a list of packages and downloading each packge by its own? Question about exercise 21.10 in The TeXbook How to publish a page using tridion core service client in sdl web 8.5 Can one get into trouble if one doesn't show up at the gate 30 minutes before departure (or whatever time window the boarding pass is indicating)? Does an action-reaction pair always contain the same
Read more