Bookmark and Share

Recent Posts

Improve Your Password-Hashing Algorithms

September 23, 2013

Recently, I was at a customer site where I heard a conversation between an AIX admin and a Linux admin who were discussing their concerns regarding password-hash compatibility with Linux, active directory (AD) lightweight directory access protocol (LDAP) passwords and AIX.

The focus, from the Linux admin was on the need to have SMD5 support in AD continued. The question they still have is which LDAP server to use: AD, which they use today, or switch to open LDAP, which is supported on the Linux distribution they’re using. Apparently the security department, which is pushing a move to LDAP for all user authentication on all platforms, thinks request for comment (RFC) 2307 schema is enough for all *NIX platforms. 

My opinion is different, but that will come in a different blog post. Today, I want to discuss how compatible AIX is with Linux’s old (SMD5) and new (SHA512) default algorithms. For a quick reference on Linux architecture choices and changes in defaults in password hashing, I recommend this Linux wiki.

AIX supports several password algorithms. These are specified in /etc/security/pwdalg.cfg, which I’ll quote:


* /usr/lib/security/smd5 is a password hashing load module using

* the MD5 algorithm.


* It supports password length up to 255 characters.

* To generate smd5 password hash compatible to standard salted MD5,

* add the following option line for smd5 stanza.

*       lpa_options = std_hash=true

* Note : password hash generated with this option won't be compatible with

* hash generated without this option.



* smd5:

*        lpa_module = /usr/lib/security/smd5


If you would want the AIX password hash to be compatible with the older SMD5 Linux standard (this changed in 2011 to SHA512), you would need to execute the following command:

# set default password algorithm

chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm="smd5"

However, the better choice, which is supported in AIX 5.3, 6.1 and 7.1 (as is SMD5), is to use the improved SHA512 algorithm.

The stanza in /etc/security/pwdalg.cfg is:


        lpa_module = /usr/lib/security/ssha

        lpa_options = algorithm=sha512

So, the command needed to change the default (which is very weak) password hashing algorithm is:

# set default password algorithm

chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm="ssha512"

If you read the end of the Linux architecture wiki entry you’ll notice that the old SMD5 password hashes began with $5 and the new passwords begin with $6. AIX does this differently. The crypt hash has no prefix—it’s just 14 characters exactly as it would have appeared in /etc/passwd 30-plus years ago. The new algorithms have the label of the present working directory (PWD) algorithm stanza in {} brackets. The following are three examples for the guest account . All three passwords are different to make it more fun for someone trying to hack the algorithm. They are similar, though, to make it possible—and I don’t use this as a password anywhere, not even in a demo.

The following are AIX password-hashing examples as found in the “shadow” file, /etc/password/passwd.


        password = Mx2ijZaNMkdF6

        lastupdate = 1379626278

        flags = ADMCHG


        password = {smd5}WjvcMCtD$7p6dLZ4B.zk6rRURpLOk4.

        lastupdate = 1379626360

        flags = ADMCHG


      password = {ssha512}06$/PVgNw6bUHj0sK2l$uE7hd/HHTy3lLEQwPGSSC0VLDYnOo7ARdkLVkuoj9jMkSlY55IFFJW44Q2koQD.MBQ463/KRkcfGOuJX6CC9..

        lastupdate = 1379626451

        flags = ADMCHG

In short, AIX is very versatile in the password-hashing algorithms it supports, and a high degree of additional customization is possible (read /etc/security/pwdalg.cfg for examples/instructions).

Finally, If you haven’t changed your password-hashing algorithm, do it today! To check, use: 

# list current password hashing algorithm

lssec -f /etc/security/login.cfg -s usw -a pwd_algorithm

If the answer is:

usw pwd_algorithm= 

You have not set it, so it’s still 56-bit crypt. If the answer is not “ssha512,” you aren’t using the best (standard) solution available.

Posted September 23, 2013| Permalink

Post a Comment

Note: Comments are moderated and will not appear until approved

comments powered by Disqus