Linux Upgrade Password Hashing Algorithm to SHA-512

The default algorithm for storing password hashes in /etc/shadow is MD5. I was told to use the SHA-512 hashing algorithm. How do I set password hashing using SHA-256 and SHA-512 under CentOS or Red Hat Enterprise Linux 5.4?

You need to use the authconfig command to set up SHA-256/512 hashing. This command provides a simple method of configuring /etc/sysconfig/network to handle NIS, as well as /etc/passwd and /etc/shadow, the files used for shadow password support. Basic LDAP, Kerberos 5, and SMB (authentication) client configuration is also provided.

Display Current Hashing Algorithm

Type the following command:
# authconfig --test | grep hashing
Sample outputs:

password hashing algorithm is md5

Configure Linux Server To Use The SHA-512

To configure the Linux system to use the SHA-512 algorithm, enter:
# authconfig --passalgo=sha512 --update
Note that existing hashes in /etc/shadow are not converted: users need to change their passwords in order to generate hashes using SHA-512. You can force a user to change their password on next login:
# chage -d 0 userName
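
To see which accounts still carry an older hash after the switch, the following added example (not part of the original article) classifies each /etc/shadow entry by its crypt(3) prefix. The function names and the sample entries are constructed for illustration; reading the real /etc/shadow requires root.

```shell
#!/bin/sh
# Added example: report which hashing scheme each /etc/shadow entry uses.
# The scheme is the crypt(3) prefix of field 2: $1$ = MD5, $5$ = SHA-256, $6$ = SHA-512.

# shadow_hash_audit [FILE] -> prints "user:scheme" (FILE defaults to /etc/shadow, "-" = stdin)
shadow_hash_audit() {
    awk -F: '
    {
        field = $2
        if (field == "") { print $1 ":empty-password"; next }
        sub(/^!+/, "", field)   # leading "!" = locked; an old hash may still follow
        if (field == "" || field == "*") scheme = "none"
        else if (field ~ /^\$1\$/)       scheme = "md5"
        else if (field ~ /^\$5\$/)       scheme = "sha256"
        else if (field ~ /^\$6\$/)       scheme = "sha512"
        else if (field ~ /^\$/)          scheme = "other"
        else                             scheme = "des-or-unknown"
        print $1 ":" scheme
    }' "${1:-/etc/shadow}"
}

# shadow_needs_rehash [FILE] [TARGET] -> users whose stored hash is not TARGET (default sha512).
# These are the accounts to follow up with a password change (chage -d 0 userName).
shadow_needs_rehash() {
    shadow_hash_audit "$1" |
        awk -F: -v target="${2:-sha512}" \
            '$2 != target && $2 != "none" && $2 != "empty-password" { print $1 }'
}

# Constructed sample entries (placeholder salts and hashes, not real credentials).
constructed_sample() {
    cat <<'EOF'
root:$6$SALTSALT$constructedSha512HashValue:16000:0:99999:7:::
alice:$1$SALTSALT$constructedMd5HashValue:15000:0:99999:7:::
bob:!$1$SALTSALT$constructedMd5HashValue:15000:0:99999:7:::
carol:$5$SALTSALT$constructedSha256HashValue:15500:0:99999:7:::
daemon:*:15000:0:99999:7:::
svc:!!:15000:0:99999:7:::
EOF
}

# Try it on the sample:  constructed_sample | shadow_needs_rehash -
# On a real host (root): shadow_needs_rehash /etc/shadow
```

A locked account such as bob in the sample is still listed, because unlocking it would bring the old MD5 hash back into use.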

Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

14 comments
  • chris Jul 30, 2012 @ 8:54

    sha-512 should not be used for passwords. nor should md5 – you need some kind of HMAC solution instead – see hashcat speeds for a great example of what’s really weak.

  • william Oct 23, 2012 @ 2:35

    does it affect other passwords like application servers installed in the same linux box?

  • Jan Gerrit Kootstra Apr 5, 2016 @ 21:38

    Warning does not seem to work, if you use openldap clients. I have not found the correct syntax to add openldap client support.

  • Arsalan May 23, 2016 @ 18:31

    Awesome Blossom :) thx
