Upgrade Red Hat / CentOS 5 Password Hashing

2011/06/25

By default, Red Hat / CentOS 5 uses the less desirable MD5 algorithm for local account password hashing. Bah!

Debian / Ubuntu: you are already using SHA-512 – yay! Be sure to mock your fellow Red Hat friends on this topic. (Note: the new Red Hat / CentOS 6 now uses SHA-512 by default. Yay!)


You can verify the hashing algorithm in use by peeking at the /etc/shadow file on your Linux box.

Each account's entry will look something like:

username:$1$ASdascFs$ASdsadfAdsADfsfasAsdfASdfASDFaSff.....

The identifier right after the first dollar sign indicates the hashing algorithm used.

$1 – MD5
$2 – blowfish
$2a – eksblowfish
$5 – SHA-256
$6 – SHA-512

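nixCraft has a good blog post on how CentOS / Red Hat 5 users can upgrade to SHA-512 (see link below). But note that this process requires all users to create a new password: an existing MD5 hash cannot be converted, so an account only gets a SHA-512 hash the next time its password is set.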

http://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/
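
To check which accounts are still on MD5 after the upgrade, the script below reads a shadow-format file and reports the scheme for each account, using the prefix table above. It is an added example, not code from the original post or from nixCraft; the function names and the sample entries are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which hash scheme each
# account in a shadow-format file uses. Function names are hypothetical.

# shadow_schemes FILE -> one "user scheme" line per account
shadow_schemes() {
    awk -F: '
    {
        h = $2
        sub(/^!+/, "", h)              # leading "!" = locked password, hash may follow
        n = split(h, p, /[$]/)         # "$id$salt$hash" -> "", id, salt, hash
        if (h == "" || h == "*")       s = "none"      # empty, locked, or no login
        else if (n < 4 || p[1] != "")  s = "unknown"   # e.g. legacy DES crypt
        else if (p[2] == "1")          s = "MD5"
        else if (p[2] == "2")          s = "blowfish"
        else if (p[2] == "2a")         s = "eksblowfish"
        else if (p[2] == "5")          s = "SHA-256"
        else if (p[2] == "6")          s = "SHA-512"
        else                           s = "other:" p[2]
        print $1, s
    }' "$1"
}

# md5_accounts FILE -> usernames that still need to set a new password
md5_accounts() {
    shadow_schemes "$1" | awk '$2 == "MD5" { print $1 }'
}

# Constructed sample data; the salts and hashes are placeholders, not real.
write_sample() {
    cat > "$1" <<'EOF'
alice:$1$constrct$NotARealMd5HashValue00:15150:0:99999:7:::
bob:$6$constructedsalt$NotARealSha512HashValue:15150:0:99999:7:::
carol:!!:15150:0:99999:7:::
dave:!!$1$constrct$NotARealMd5HashValue11:15150:0:99999:7:::
daemon:*:15150:0:99999:7:::
EOF
}

sample=$(mktemp)
write_sample "$sample"
shadow_schemes "$sample"
echo "Still on MD5: $(md5_accounts "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

On a real system, run `md5_accounts /etc/shadow` as root; the script prints only usernames and scheme names, never the hashes themselves.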