Password Hashing¶

The system password used for logging into Ubuntu is stored in /etc/shadow.

Historically, very old-style password hashes were based on DES and visible in /etc/passwd. Modern Linux has long since moved to /etc/shadow and used salted MD5-based hashes (crypt id 1) for password verification. Since MD5 is considered weak, Ubuntu 8.10 and later proactively moved to using salted SHA-512-based password hashes (crypt id 6), which are significantly harder to brute-force.

Ubuntu 22.04 LTS and later switched to yescrypt to provide increased protection against offline password cracking.

For more details, see the crypt manpage.

Regression tests: test-glibc-security.py.