35

In /etc/shadow file there are encrypted password.

Encrypted password is no longer crypt(3) or md5 "type 1" format. (according to this previous answer) Now I have a

$6$somesalt$someveryverylongencryptedpasswd

as entry.

I can no longer use

 openssl passwd -1 -salt salt hello-world
 $1$salt$pJUW3ztI6C1N/anHwD6MB0

to generate encrypted passwd.

Any equivalent like (non existing) .. ?

 openssl passwd -6 -salt salt hello-world
Archemar
  • 31,554
  • Related: http://unix.stackexchange.com/questions/52108/how-to-create-sha512-password-hashes-on-command-line as well as http://unix.stackexchange.com/questions/81240/manually-generate-password-for-etc-shadow – slm Jan 28 '16 at 02:14
  • You should not be supplying the salt - it should be randomly generated. (The only reason to supply it is to check a password against an existing hash) – Gert van den Berg Dec 06 '22 at 07:48
  • my purpose was precisely to check wether a given string is the actual password, so I have to reuse the salt. – Archemar Dec 06 '22 at 08:30

2 Answers2

41

On Debian-based systems you can use mkpasswd.

mkpasswd -m sha-512 PASSWORD [SALT]

(PASSWORD is your desired password; SALT is optional.)

Strangely, that tool is found in the whois package.

sudo apt-get install whois
  • 6
    +1 for whois package name for installation. – Arda Jan 28 '16 at 16:53
  • 2
    For clarification, PASSWORD is your desired password and the SALT, explained here: https://en.wikipedia.org/wiki/Salt_%28cryptography%29 can be omitted. – harperville Feb 26 '16 at 14:23
  • Is there a command to check if mkpasswd's generated hash is correct? I'm generating it and it constantly fails after I put it in /etc/shadow. – CMCDragonkai Mar 08 '18 at 05:57
  • I'm sure the generated hash would be correct, and your problem would be in something else. But, to verify it, you could generate the hash using an independent implementation of the hash (such as one of the other answers to this question). – Craig McQueen Mar 09 '18 at 01:28
  • It looks like if SALT is not specified, mkpasswd generates a random one for you. Otherwise, mkpasswd expects the SALT to be between 8 and 16 bytes inclusively. – Nicholas Sushkin Apr 24 '19 at 15:33
  • You should probably also put a space before this command to prevent your password from being stored in your bash history. – Gregory Arenius Aug 12 '19 at 23:54
38

Python:

python -c 'import crypt; print crypt.crypt("password", "$6$saltsalt$")'

(for python 3 and greater it will be print(crypt.crypt(..., ...)))

Perl:

perl -e 'print crypt("password","\$6\$saltsalt\$") . "\n"'
slm
  • 369,824