nerdexam
GIAC

GCIH · Question #711

What type of hash is used in the password hash below?

The correct answer is B. SHA-512. A $6$ prefix in a Linux /etc/shadow hash entry identifies it as a SHA-512 crypt hash using the modular crypt format.

Vulnerability Exploitation & Privilege Escalation

Question

What type of hash is used in the password hash below?

Options

  • ADES
  • BSHA-512
  • CMD5
  • DSHA-256

How the community answered

(20 responses)
  • B
    90% (18)
  • C
    5% (1)
  • D
    5% (1)

Why each option

A $6$ prefix in a Linux /etc/shadow hash entry identifies it as a SHA-512 crypt hash using the modular crypt format.

ADES

Traditional DES-based Unix crypt hashes have no dollar-sign prefix and are exactly 13 characters long - they are a legacy, weak scheme no longer used by default.

BSHA-512Correct

Linux systems use a modular crypt format where a numeric prefix in the hash string identifies the algorithm - $6$ designates SHA-512. SHA-512 is the modern default hashing scheme on most Linux distributions, applying the SHA-512 digest with a random per-user salt and configurable iteration rounds to resist brute-force and rainbow table attacks.

CMD5

MD5 password hashes in the modular crypt format use the $1$ prefix, not $6$, and produce a 22-character encoded hash value.

DSHA-256

SHA-256 hashes in the modular crypt format use the $5$ prefix - SHA-512 is identified by $6$, so these two are distinct and not interchangeable.

Concept tested: Linux /etc/shadow password hash algorithm identification

Source: https://man7.org/linux/man-pages/man3/crypt.3.html

Topics

#hash identification#SHA-512#password hashing#cryptography

Community Discussion

No community discussion yet for this question.

Full GCIH Practice