Construction of the Encrypted Password String On Solaris
Ever looked at a password encrypted with an algorithm other than crypt_unix(5) in the /etc/shadow file on Solaris and thought "How is that string constructed?" No? Why not? Well, you will now :-) Let's take a look.
Suppose you've got a Solaris 11 system with the default password encryption algorithm of SHA-256 selected (How to change the default password encryption algorithm). You'll see your users have a password hash in the /etc/shadow file which looks similar to:
$5$KvXJcReF$KGNfwC/Dan0Dsk8vC4mM4buU0ALJGRI7jl/unca29w6
With the knowledge that the $ char is the field separator, we can describe the string as follows:
$<Algorithm_Identifier>$<Salt_String>$<Final_Hash>
So if we break down our original password string, we get:
5 ⇒ Algorithm Identifier (other options offered in Solaris 11).
KvXJcReF ⇒ Salt
KGNfwC/Dan0Dsk8vC4mM4buU0ALJGRI7jl/unca29w6 ⇒ Final password hash
This isn't the only way the password string can be depicted... if you customize the number of "rounds" in the /etc/security/crypt.conf file, your password string gains an additional rounds= field in front of the salt. For example, after adding "rounds=1000" (the default is 5000) to the crypt_sha256.so.1 line in the /etc/security/crypt.conf file and regenerating my password, the password string now looks like this:
$5$rounds=1000$g.e4m24n$/i4iakvQxay8LWFFdvmVCY8q5GkzBeBx3KlhC8FnOK9
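To make the layout concrete, here is an added example (not code from the article or from Solaris) that parses a $5$/$6$ password string into its fields, treats a missing rounds= field as the 5000 default, and runs a small audit over constructed /etc/shadow lines: the two hashes from this article plus a made-up legacy entry and a locked account. The audit_shadow and is_well_formed helpers and the sample lines are assumptions of this example, not Solaris tooling.

```python
import re

# Alphabet used by crypt(3)-style salt and hash fields (it is not standard base64).
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Length of the final hash field: 32 bytes -> 43 chars for $5$, 64 bytes -> 86 chars for $6$.
HASH_FIELD_LENGTH = {"5": 43, "6": 86}

# Default round count of the SHA-crypt family, as quoted in the article.
DEFAULT_ROUNDS = 5000

_SHA_CRYPT = re.compile(
    r"^\$(?P<algo>[56])\$"            # $5$ or $6$
    r"(?:rounds=(?P<rounds>\d+)\$)?"  # optional rounds=N$ field
    r"(?P<salt>[^$]{1,16})\$"         # salt, at most 16 characters
    r"(?P<hash>[^$]+)$"               # final hash
)


def parse_shadow_hash(s):
    """Split $<id>$[rounds=N$]<salt>$<hash> into a dict; ValueError if malformed."""
    m = _SHA_CRYPT.match(s)
    if m is None:
        raise ValueError("not a $5$/$6$ password string")
    algo, rounds, salt, digest = m.group("algo", "rounds", "salt", "hash")
    if any(c not in CRYPT_ALPHABET for c in salt + digest):
        raise ValueError("salt or hash uses characters outside the crypt alphabet")
    if len(digest) != HASH_FIELD_LENGTH[algo]:
        raise ValueError("hash field has %d chars, expected %d"
                         % (len(digest), HASH_FIELD_LENGTH[algo]))
    return {
        "algo": algo,
        "rounds": int(rounds) if rounds is not None else None,  # None = default
        "salt": salt,
        "hash": digest,
    }


def is_well_formed(s):
    try:
        parse_shadow_hash(s)
        return True
    except ValueError:
        return False


def effective_rounds(parsed):
    """Rounds actually applied: the explicit field, or the default when absent."""
    return parsed["rounds"] if parsed["rounds"] is not None else DEFAULT_ROUNDS


def audit_shadow(lines, min_rounds=DEFAULT_ROUNDS):
    """Return (user, reason) for shadow entries worth a second look.

    Empty, NP and locked (*...) password fields are skipped; anything else that is
    not a $5$/$6$ string, or that stretches with fewer rounds than min_rounds, is
    reported so the caller can decide what to do with it.
    """
    findings = []
    for line in lines:
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1]
        if pw == "" or pw == "NP" or pw.startswith("*"):
            continue
        try:
            parsed = parse_shadow_hash(pw)
        except ValueError:
            findings.append((user, "not a $5$/$6$ hash"))
            continue
        if effective_rounds(parsed) < min_rounds:
            findings.append((user, "rounds=%d below %d" % (effective_rounds(parsed), min_rounds)))
    return findings


# Constructed sample shadow lines: the article's two hashes, a made-up 13-character
# legacy-style entry, and a locked account.  None of these are real credentials.
SAMPLE_SHADOW = [
    "root:$5$KvXJcReF$KGNfwC/Dan0Dsk8vC4mM4buU0ALJGRI7jl/unca29w6:15000::::::",
    "alice:$5$rounds=1000$g.e4m24n$/i4iakvQxay8LWFFdvmVCY8q5GkzBeBx3KlhC8FnOK9:15000::::::",
    "legacy:abJnggxhB/yWI:15000::::::",
    "svc:*LK*:15000::::::",
]

if __name__ == "__main__":
    for user, reason in audit_shadow(SAMPLE_SHADOW):
        print("%s: %s" % (user, reason))
```

Running the audit over the sample lines reports alice, whose rounds=1000 field is below the 5000 default the article mentions, and the legacy entry, whose 13-character field is not a SHA-crypt string at all. The rounds value is worth auditing because it is the one knob in this string that directly sets how much work each guess costs.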
So now you may be thinking "Well, the encryption identifier is easy enough to work out, but how are the salt and hash fields generated?".
The salt string is randomly generated for each password, and the hash... well, that's a little more complicated. If you really want to know how the hash is actually generated, and read about the full implementation details and logic behind this encrypted string, you can find all the gory details here; for a more relaxed explanation of the very similar SunMD5 hashing algorithm, check out Alec Muffett's explanation.
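The article links to the implementation details rather than reproducing them, so here is an added example (not code from the article, from Oracle, or from the crypt_sha256.so.1 module) that implements the SHA-256 crypt construction in Python. It assumes that Solaris's crypt_sha256 follows the published SHA-crypt specification by Ulrich Drepper, the same $5$ algorithm glibc implements, and the two expected strings in the test are that specification's "Hello world!" vectors. The example shows where the salt and the rounds value enter the computation and why the rounds field has to travel in the stored string: verification recomputes the hash using the stored string itself as the setting.

```python
import hashlib
import hmac

# Alphabet used for the salt and hash fields (not standard base64).
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Default, floor and ceiling for the rounds value in the SHA-crypt specification.
ROUNDS_DEFAULT, ROUNDS_MIN, ROUNDS_MAX = 5000, 1000, 999_999_999
SALT_MAX = 16  # the specification uses at most 16 salt characters


def _b64_from_24bit(b2, b1, b0, n):
    """Emit n characters of the crypt alphabet from three bytes, low 6 bits first."""
    w = (b2 << 16) | (b1 << 8) | b0
    chars = []
    for _ in range(n):
        chars.append(CRYPT_ALPHABET[w & 0x3F])
        w >>= 6
    return "".join(chars)


def _encode_digest(d):
    """Permuted encoding of the 32-byte result into the 43-character hash field."""
    triples = [(0, 10, 20), (21, 1, 11), (12, 22, 2), (3, 13, 23), (24, 4, 14),
               (15, 25, 5), (6, 16, 26), (27, 7, 17), (18, 28, 8), (9, 19, 29)]
    out = "".join(_b64_from_24bit(d[a], d[b], d[c], 4) for a, b, c in triples)
    return out + _b64_from_24bit(0, d[31], d[30], 3)


def _parse_setting(setting):
    """Return (salt_bytes, rounds, rounds_was_explicit) from '$5$[rounds=N$]salt[$...]'."""
    if not setting.startswith("$5$"):
        raise ValueError("only the $5$ (SHA-256) identifier is handled here")
    rest = setting[3:]
    rounds, explicit = ROUNDS_DEFAULT, False
    if rest.startswith("rounds="):
        field, _, rest = rest.partition("$")
        rounds = max(ROUNDS_MIN, min(ROUNDS_MAX, int(field[len("rounds="):])))
        explicit = True
    salt = rest.split("$", 1)[0][:SALT_MAX]
    return salt.encode(), rounds, explicit


def sha256_crypt(password, setting):
    """Compute the $5$ password string for `password` under `setting`."""
    pw = password.encode()
    salt, rounds, explicit = _parse_setting(setting)

    # Digest B: password + salt + password.
    b = hashlib.sha256(pw + salt + pw).digest()

    # Digest A: password + salt, then bytes of B keyed to the password length.
    a = hashlib.sha256(pw + salt)
    n = len(pw)
    while n > 32:
        a.update(b)
        n -= 32
    a.update(b[:n])
    n = len(pw)
    while n > 0:                 # binary representation of the length:
        a.update(b if n & 1 else pw)  # 1 bit -> add B, 0 bit -> add password
        n >>= 1
    a = a.digest()

    # P: the password hashed len(pw) times, stretched back to len(pw) bytes.
    dp = hashlib.sha256(pw * len(pw)).digest()
    p = dp * (len(pw) // 32) + dp[: len(pw) % 32]

    # S: the salt hashed (16 + A[0]) times, stretched to len(salt) bytes.
    ds = hashlib.sha256(salt * (16 + a[0])).digest()
    s = ds * (len(salt) // 32) + ds[: len(salt) % 32]

    # The configurable stretching loop; this is what rounds= controls.
    for i in range(rounds):
        c = hashlib.sha256()
        c.update(p if i & 1 else a)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(p)
        c.update(a if i & 1 else p)
        a = c.digest()

    prefix = "$5$rounds=%d$" % rounds if explicit else "$5$"
    return prefix + salt.decode() + "$" + _encode_digest(a)


def verify(password, stored):
    """Recompute with the stored string as the setting and compare in constant time."""
    return hmac.compare_digest(sha256_crypt(password, stored), stored)
```

verify() pulls the rounds value and the salt straight out of the stored string, which is why both must be kept in /etc/shadow alongside the hash. The rounds value is the only part that changes the cost of the computation: the rounds=1000 setting shown above runs the stretching loop one fifth as many times as the 5000 default, so each guess against such a hash is correspondingly cheaper, and the parse also shows that a rounds value below the specification's floor of 1000 is raised to 1000 rather than honoured.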
And now you know how that encrypted password string on Solaris is constructed.