Q&A: How are Passwords encrypted

Question

How are passwords within UCS encrypted?

Answer

Passwords are usually hashed and stored using SHA-512. The hashing method can be set via the UCR variable ‘password/hashing/method’.

root@ucs:~# ucr info password/hashing/method
password/hashing/method: SHA-512
 Selects the hash algorithm to use for saving passwords in the LDAP directory. Possible values are: "MD5": Less secure than the SHA methods, not recommended; "SHA-256": more secure than MD5; "SHA-512": more secure than MD5, recommended. (default if not or incorrectly set: "SHA-512", capitalisation is ignored).
 Categories: system-password

Detailed technical Information

The stored value is salted and consists of the following parts, separated by $:

$6$mclEwEsVXxmIbwob$iWYNviH9PZgwvdIWdmgsaVKFmVAsNvoIGESkKytCXBXKdE/fE7MZv2KDPGSjBGTxKSBg5.2GOw8azffvpbX2e/

6 is the mode → crypt(3) with SHA-512
mclEwEsVXxmIbwob → the generated Salt
iWYNviH9PZgwvdIWdmgsaVKFmVAsNvoIGESkKytCXBXKdE/fE7MZv2KDPGSjBGTxKSBg5.2GOw8azffvpbX2e/ → the Password Hash itself
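
The breakdown above, as an added example (not Univention's code) that splits a stored value into its parts and reports which hashing method produced it, so values not hashed with the recommended SHA-512 can be found. It goes beyond the single SHA-512 case: the ids 1 (MD5) and 5 (SHA-256), the optional rounds= field and the optional {crypt} prefix come from the general crypt(3) format and are assumptions here, and the names parse_crypt and below_recommended are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# crypt(3) scheme id -> (name as used by password/hashing/method, max salt length, digest length)
SCHEMES = {"1": ("MD5", 8, 22), "5": ("SHA-256", 16, 43), "6": ("SHA-512", 16, 86)}
B64 = re.compile(r"[./0-9A-Za-z]+")  # alphabet used for generated salts and digests


class CryptHash(NamedTuple):
    method: str
    rounds: Optional[int]  # None: no rounds= field, the algorithm default applies
    salt: str
    digest: str


def parse_crypt(value: str) -> CryptHash:
    """Split a stored crypt(3) value on "$" and validate each part."""
    # Assumption: the value may carry an LDAP "{crypt}" scheme prefix.
    if value[:7].lower() == "{crypt}":
        value = value[7:]
    fields = value.split("$")
    if len(fields) < 4 or fields[0] != "" or fields[1] not in SCHEMES:
        raise ValueError("not a supported crypt(3) value")
    method, max_salt, digest_len = SCHEMES[fields[1]]
    rest, rounds = fields[2:], None
    # SHA-256/SHA-512 values may carry an optional "rounds=N" field before the salt.
    if fields[1] != "1" and rest[0].startswith("rounds="):
        rounds, rest = int(rest[0][7:]), rest[1:]
    if len(rest) != 2:
        raise ValueError("unexpected number of $-separated fields")
    salt, digest = rest
    if len(salt) > max_salt or not B64.fullmatch(salt):
        raise ValueError("malformed salt")
    if len(digest) != digest_len or not B64.fullmatch(digest):
        raise ValueError("digest length or alphabet does not match " + method)
    return CryptHash(method, rounds, salt, digest)


def below_recommended(value: str) -> bool:
    """True when the value was not hashed with the recommended SHA-512 method."""
    return parse_crypt(value).method != "SHA-512"


if __name__ == "__main__":
    # Sample value taken from the page above.
    print(parse_crypt("$6$mclEwEsVXxmIbwob$iWYNviH9PZgwvdIWdmgsaVKFmVAsNvoIGESkKytCXBXKdE/fE7MZv2KDPGSjBGTxKSBg5.2GOw8azffvpbX2e/"))
```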
