Generally, all Linux distributions have used cryptographic hashes for passwords for a very long time. A salt was added when rainbow table attacks were in vogue in the early 2000s. Windows is behind the curve: it still does not salt passwords. Windows is limited to 16 symbols for passwords.

salted_pass = password + salt;

hash = sha512(salted_pass);

Using a simple string function to append a 512-bit randomly generated value provides very strong resistance to rainbow table attacks. Hashing the salted password with SHA-512 then means the password file is secure and copies are useless to anyone who has them. Note that the 512-bit salt is only as good as the underlying password.
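The scheme above as a runnable sketch, added here as an illustration and not taken from any Linux source: it shows that a precomputed table of unsalted hashes misses a salted record, and that a weak password is still found by a plain wordlist check once the salt is known. The function names, the wordlist and the sample passwords are constructed for this example.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 64  # 512-bit random salt, as described in the text


def hash_password(password, salt=None):
    """Return (salt, sha512(password + salt)); a fresh salt is drawn if none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    return salt, hashlib.sha512(password.encode("utf-8") + salt).digest()


def verify_password(candidate, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(candidate, salt)[1], stored)


def build_unsalted_table(wordlist):
    """Precomputed digest -> password map, the shortcut a salt is meant to defeat."""
    return {hashlib.sha512(w.encode("utf-8")).digest(): w for w in wordlist}


def audit_record(salt, stored, wordlist):
    """Return the wordlist entry that matches a salted record, or None."""
    return next((w for w in wordlist if verify_password(w, salt, stored)), None)


WORDLIST = ["123456", "password", "letmein"]  # constructed sample, not real data


def demo():
    table = build_unsalted_table(WORDLIST)
    salt_a, hash_a = hash_password("letmein")
    salt_b, hash_b = hash_password("letmein")  # same password, second account
    salt_c, hash_c = hash_password("Vx7#qLm2!rTz9&pW")  # constructed strong password
    return {
        "unsalted_hit": table.get(hashlib.sha512(b"letmein").digest()),
        "salted_hit": table.get(hash_a),
        "hashes_equal": hash_a == hash_b,
        "weak_audit": audit_record(salt_a, hash_a, WORDLIST),
        "strong_audit": audit_record(salt_c, hash_c, WORDLIST),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two accounts with the same password get different hashes, so one precomputed table cannot serve both. The wordlist check still recovers "letmein" because the salt is stored next to the hash and only the password itself is secret.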


To change the user password:

sudo passwd [username]

Linux will then prompt for the old password, after which you can enter the new password, which will be hashed in place of the old one.

Note that by default Linux endorses some modicum of password complexity: it now uses a checker to prevent the use of bad passwords.