https://community.splunk.com/t5/Security/How-are-passwords-encrypted-in-Splunk/m-p/75318#M2518 <P>There is no way for the root user to reverse the passwords. However, someone with access to <CODE>$SPLUNK_HOME/etc/passwd</CODE> could edit the file with a text editor, removing users altogether. If all users are removed (usually by renaming the <CODE>passwd</CODE> file) then the default Splunk login becomes whatever was specified in <CODE>user-seed.conf</CODE>. This is usually user: <EM>admin</EM> and password: <EM>changeme</EM>.</P> <P>I believe that the actual encryption is based on the Unix crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm. But I could be wrong...</P> Wed, 02 Jan 2013 03:04:11 GMT lguinn2 2013-01-02T03:04:11Z https://community.splunk.com/t5/Security/How-are-passwords-encrypted-in-Splunk/m-p/75317#M2517 <P>What method is used to protect and encrypt passwords in Splunk. For example the "Users" passwords (when Local type of accounts are used).</P> <P>Is there a way for a root user of the Splunk server to reverse the passwords to plain text?</P> Wed, 02 Jan 2013 01:48:41 GMT https://community.splunk.com/t5/Security/How-are-passwords-encrypted-in-Splunk/m-p/75317#M2517 alexander_lucas 2013-01-02T01:48:41Z https://community.splunk.com/t5/Security/How-are-passwords-encrypted-in-Splunk/m-p/75318#M2518 <P>There is no way for the root user to reverse the passwords. However, someone with access to <CODE>$SPLUNK_HOME/etc/passwd</CODE> could edit the file with a text editor, removing users altogether. If all users are removed (usually by renaming the <CODE>passwd</CODE> file) then the default Splunk login becomes whatever was specified in <CODE>user-seed.conf</CODE>. This is usually user: <EM>admin</EM> and password: <EM>changeme</EM>.</P> <P>I believe that the actual encryption is based on the Unix crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm. But I could be wrong...</P> Wed, 02 Jan 2013 03:04:11 GMT https://community.splunk.com/t5/Security/How-are-passwords-encrypted-in-Splunk/m-p/75318#M2518 lguinn2 2013-01-02T03:04:11Z https://community.splunk.com/t5/Security/How-are-passwords-encrypted-in-Splunk/m-p/75319#M2519 <P>You can see the information on the algorithms used in etc/passwd in etc/system/README/authentication.conf.spec and etc/system/default/authentication.conf</P> <P>At the time of this answer, (5.0.x), Splunk was using MD5 with a large number of rounds. Currently we are using SHA512.</P> Tue, 03 Mar 2015 22:27:17 GMT https://community.splunk.com/t5/Security/How-are-passwords-encrypted-in-Splunk/m-p/75319#M2519 jrodman 2015-03-03T22:27:17Z https://community.splunk.com/t5/Security/How-are-passwords-encrypted-in-Splunk/m-p/541397#M12109 <P>Is Splunk still using the same encryption today or has it changed in spunk 7.x?</P> Thu, 25 Feb 2021 17:49:11 GMT https://community.splunk.com/t5/Security/How-are-passwords-encrypted-in-Splunk/m-p/541397#M12109 pbarbuto 2021-02-25T17:49:11Z