Generating sha512 passwords

Normally I would use ‘openssl passwd’ to generate encrypted passwords for scripts and config files, but it doesn’t appear to support sha256 and sha512 yet. There doesn’t appear to be an openssl ticket for this yet. Ubuntu has switched to using SHA512 by default (see ENCRYPT_METHOD in /etc/login.defs). In the course of tracking down the use of passwd/root-password-crypted not working in a jaunty pxe/network install (LP: 340841), I needed to generated a sha512 password to replace the md5 password in the d-i config file.

15:11 < cjwatson> $ echo cjwatson:foo | chpasswd -S -c SHA512
15:11 < cjwatson> cjwatson:$6$K./rc/OhIRi$ylKWgewTkGP3TyXfwj8nnKyIhph66WucLseLjGKKzRM0oRcuRzng2szcC/JZpY13dLxmlILx7eSfdfMHTruH40

4 thoughts on “Generating sha512 passwords

  1. Pingback: Scripting the root password on Ubuntu 9.10 (karmic) at btm.geek

  2. Gabe

    This solution doesn’t seem to be very cross-platform, because on Ubuntu 10.10 at leas (since Ubuntu is explicitly mentioned):

    ubuntu@ip-xxxxxxxx~$ echo cjwatson:foo | chpasswd -S -c SHA512
    chpasswd: invalid option — ‘c’
    Usage: chpasswd [options]

    -h, –help display this help message and exit
    -S, –stdout report encrypted passwords to stdout
    instead of changing the passwd file

    Similarly, on Gentoo:

    $ /usr/sbin/chpasswd –help
    Usage: chpasswd [options]

    -h, –help display this help message and

  3. btm Post author

    This worked a year ago, see the newer post Scripting the root password on Ubuntu 9.10… (in the pingback) for a newer method. “mkpasswd -m sha-512” still works on Ubuntu 10.04 (lucid).

    chpasswd on Ubuntu probably isn’t the same program as chpasswd on Gentoo, as is often the case when you switch operating systems. mkpasswd used to come from the whois package on Ubuntu and now comes from its own package. Some brief time on Google leads me to starting with ‘app-crypt/cli-crypt’.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.