Unix $5$ and $6$ hashes from the command line


  • Sun 06 September 2020
  • misc

Until recently I had been reliant on random Perl and Python one-liners to generate $5$ and $6$ hashes (as well as $1$ - AHEM, Juniper...) when I needed to email someone a password or set up Ansible for mail accounts on SmartOS.

Today I learned that OpenSSL 1.1.1 (2018) added appropriate flags to DTRT.

[root@ansible ~]# openssl passwd -1 -stdin
fakepassword
$1$8PCemZjH$Mqmha1MOTKTAJ9OR5XFlP.
[root@ansible ~]# openssl passwd -5 -stdin
fakepasswordaswell
$5$Bdf/lehpL.7inbxB$UrPMp2uakogTS5OmEz.71gJLg0smlGfCHDdeHNnjrU6
anotherfakepassword
$5$GI99ai7jJQ4SEGmx$isNa0W4P8wNQHykgw2oQG2oU0EcEmiAJcBSPFjBNia0
[root@ansible ~]# openssl passwd -6 -stdin
notreallymypassword
$6$WR1BncSR0DS8v/Vx$zWaFeUUc2VeQMPEODAOqK7gqKtNGhSsBfORTAOGR1ExG9ODg4qsSt.L.ckNjHmAx7vx0nDxKxN45fBPuIDV62.
[root@ansible ~]# 

You can also specify the password on the command line, if you're the kind of person who likes to leave that kind of thing lying about in your .bash_history...