Security

How are passwords encrypted in Splunk?

alexander_lucas
Explorer

What method is used to protect and encrypt passwords in Splunk. For example the "Users" passwords (when Local type of accounts are used).

Is there a way for a root user of the Splunk server to reverse the passwords to plain text?

0 Karma
1 Solution

lguinn2
Legend

There is no way for the root user to reverse the passwords. However, someone with access to $SPLUNK_HOME/etc/passwd could edit the file with a text editor, removing users altogether. If all users are removed (usually by renaming the passwd file) then the default Splunk login becomes whatever was specified in user-seed.conf. This is usually user: admin and password: changeme.

I believe that the actual encryption is based on the Unix crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm. But I could be wrong...

View solution in original post

lguinn2
Legend

There is no way for the root user to reverse the passwords. However, someone with access to $SPLUNK_HOME/etc/passwd could edit the file with a text editor, removing users altogether. If all users are removed (usually by renaming the passwd file) then the default Splunk login becomes whatever was specified in user-seed.conf. This is usually user: admin and password: changeme.

I believe that the actual encryption is based on the Unix crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm. But I could be wrong...

jrodman
Splunk Employee
Splunk Employee

You can see the information on the algorithms used in etc/passwd in etc/system/README/authentication.conf.spec and etc/system/default/authentication.conf

At the time of this answer, (5.0.x), Splunk was using MD5 with a large number of rounds. Currently we are using SHA512.

pbarbuto
Path Finder

Is Splunk still using the same encryption today or has it changed in spunk 7.x?

0 Karma
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...