Can users' passwords be cracked from the /etc/shadow file?

Solution 1:

While DES should never be used, MD5 is also weak. Check your /etc/login.defs file for the ENCRYPT_METHOD setting. SHA512 is the strongest possible option as far as I know. If your hashes in /etc/shadow start with "$6$", that's SHA512 which I think is not known to be broken (unlike DES and MD5). Of course, strong password hashes do not mean that simple passwords cannot still be easily cracked - they can.

Solution 2:

After research, I can answer these questions:

Can passwords be cracked: Yes

How: by using crack software like John the Ripper, security software which is open source and can be installed easily.

What should be the level of the cracker: Newbie, because this software is pretty good and there are plenty of instructions on the net on how to use it.

Here is how easy it is to use it to crack passwords! Link

What should I do to be more secure?

1) Make sure you use SHA512 on your passwords instead of DES and MD5!
2) Use a password cracker to filter out weak passwords.
3) Use different passwords on different systems.
4) Force users to change their passwords - the root password should be changed even more frequently!
5) Your passwords should be:
   - At least 8 characters long.
   - Have at least one number.
   - Have at least one non-alphanumeric character.
   - Not consist of a dictionary word.
   - Have both upper and lower case letters.

References: dankalia
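
The hash-prefix check from Solution 1 and item 1 of Solution 2, as an added example that is not part of either answer: a Python audit that reads shadow-format lines and reports accounts whose password field indicates DES, MD5, or no password at all. The sample entries are constructed with placeholder hash strings, and the function names and the scheme table beyond DES, MD5 and `$6$` are this example's own.

```python
import re

# Constructed sample in /etc/shadow format; hash strings are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$examplesalt$PLACEHOLDERHASH:19000:0:99999:7:::
alice:$1$examplesalt$PLACEHOLDERHASH:19000:0:99999:7:::
bob:xxPLACEHOLDER:19000:0:99999:7:::
carol:$5$examplesalt$PLACEHOLDERHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
dave:!$6$examplesalt$PLACEHOLDERHASH:19000:0:99999:7:::
erin::19000:0:99999:7:::
"""

# crypt(3) "$id$" prefixes mapped to scheme names.
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512", "y": "yescrypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}
WEAK = {"des", "md5"}  # the two schemes the answers above call out
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional DES crypt: 13 chars, no "$" prefix

def classify(field):
    """Return (scheme, locked) for the password field of one shadow line."""
    locked = field.startswith("!")      # a leading "!" marks a locked password
    value = field.lstrip("!")
    if value in ("", "*"):
        # A completely empty field means the account needs no password.
        return ("empty" if field == "" else "no-login", locked)
    m = re.match(r"^\$([0-9a-z]+)\$", value)
    if m:
        return (SCHEMES.get(m.group(1), "unknown"), locked)
    if DES_RE.match(value):
        return ("des", locked)
    return ("unknown", locked)

def audit(shadow_text):
    """List (user, scheme, locked) for entries with a weak scheme or empty password."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        scheme, locked = classify(parts[1])
        if scheme in WEAK or scheme == "empty":
            findings.append((parts[0], scheme, locked))
    return findings

if __name__ == "__main__":
    for user, scheme, locked in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme}{' (locked)' if locked else ''}")
```

Accounts it reports keep their old hash until the password is next changed, so changing ENCRYPT_METHOD alone does not rehash existing entries.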