Ubuntu does not encrypt anything by default. You have to use specific tools to encrypt. For example, e4crypt
, ssh
, gpg
. Each of these tools may have a default encryption, and some support multiple encryption methods and let you configure the default.
You may notice that passwords are not listed above. That is because Ubuntu does not encrypt passwords, and no safe system does, because encryption is designed to be reversed and is typically fast, which would allow multiple guesses at passwords in a short time. Passwords are hashed in a lossy non-reversible way that is cryptographically secure and slow, so that even if the hashed password is leaked, it will take significant time to guess it from the hash.
Multiple password hash methods are supported, and the Ubuntu default configuration is to accept all of them, so if you upgrade and don't change your password, or even copy your hashed password from an original Unix system (e.g., sysVr4) it will still work.
The default password hash method is set in /etc/login.defs
with the keyword (ironically) ENCRYPT_METHOD
and new passwords will be hashed with this method. I believe the default for Ubuntu 18.04 - Ubuntu 22.04 has been SHA512
.