Linux stores users' hashed passwords, along with other security information such as account and password expiration values, in the /etc/shadow file.
Someday you may need to edit the /etc/shadow file manually to set or change someone's password.
Unlike /etc/passwd, which is readable by everyone, the /etc/shadow file MUST be readable by the ROOT user only.
To do this, you have to generate a password hash in a format compatible with /etc/shadow.
There is no need to install any additional tools as it can be easily done from the Linux command line using Python.
Generate Password Hash for /etc/shadow
The password hashes in the /etc/shadow file are stored in the following format:
$ID$SALT$ENCRYPTED
The $ID indicates the hash algorithm, $SALT is a random string (up to 16 characters) and $ENCRYPTED is the password's hash.
Hash Type | ID | Hash Length |
---|---|---|
MD5 | $1 | 22 characters |
SHA-256 | $5 | 43 characters |
SHA-512 | $6 | 86 characters |
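An added example (not part of the original article): a small Python parser that splits a shadow password field into the parts described above, checks the hash length against the table, and flags entries worth reviewing. The names parse_hash, audit and SAMPLE are chosen here; the optional rounds=N field and the yescrypt ID go beyond the article's table.

```python
import re

# ID -> (name, hash length) from the table; yescrypt ($y) is added from crypt(5).
HASH_TYPES = {"1": ("MD5", 22), "5": ("SHA-256", 43),
              "6": ("SHA-512", 86), "y": ("yescrypt", None)}
B64 = re.compile(r"[./0-9A-Za-z]*\Z")  # alphabet crypt uses for salt and hash


def parse_hash(field):
    """Split the password field of a shadow entry into its parts."""
    if not field:
        return {"state": "empty password"}
    if field[0] in "!*":
        return {"state": "locked"}  # password login disabled
    parts = field.split("$")
    if len(parts) not in (4, 5) or parts[0] or parts[1] not in HASH_TYPES:
        return {"state": "malformed"}
    name, length = HASH_TYPES[parts[1]]
    params = parts[2] if len(parts) == 5 else None  # e.g. rounds=5000 (crypt(5))
    salt, digest = parts[-2], parts[-1]
    bad_len = length and (len(salt) > 16 or len(digest) != length)
    if bad_len or not digest or not (B64.match(salt) and B64.match(digest)):
        return {"state": "malformed"}
    return {"state": "ok", "type": name, "params": params, "salt": salt}


def audit(lines):
    """Return (user, finding) pairs for entries that deserve a closer look."""
    findings = []
    for line in lines:
        user, field = line.split(":")[:2]
        info = parse_hash(field)
        if info["state"] in ("empty password", "malformed"):
            findings.append((user, info["state"]))
        elif info.get("type") == "MD5":
            findings.append((user, "legacy MD5 hash"))
    return findings


# Constructed entries; alice and bob reuse the article's example hashes.
SAMPLE = [
    "alice:$1$YjOzcqrf$Zqx4sx5CQRuEIFCdOLAJV0:19000:0:99999:7:::",
    "bob:$5$LgsPuaeR$OCtm.3tpbS/wyOZAIy6dsVNP4x0GyohyGebkIz15e88:19000:0:99999:7:::",
    "carol:$6$rounds=5000$HMpFTkgb$" + "A" * 86 + ":19000:0:99999:7:::",
    "dave:$6$HMpFTkgb$tooshort:19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
    "guest::19000:0:99999:7:::",
]
print(audit(SAMPLE))
```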
Use the commands below from the Linux shell to generate a hashed password for /etc/shadow with a random salt.
Generate MD5 password hash:
python -c "import random,string,crypt; randomsalt = ''.join(random.sample(string.ascii_letters,8)); print(crypt.crypt('MySecretPassword', '\$1\$%s\$' % randomsalt))"
---
$1$YjOzcqrf$Zqx4sx5CQRuEIFCdOLAJV0
Generate SHA-256 password hash:
python -c "import random,string,crypt; randomsalt = ''.join(random.sample(string.ascii_letters,8)); print(crypt.crypt('MySecretPassword', '\$5\$%s\$' % randomsalt))"
---
$5$LgsPuaeR$OCtm.3tpbS/wyOZAIy6dsVNP4x0GyohyGebkIz15e88
Generate SHA-512 password hash:
python -c "import random,string,crypt; randomsalt = ''.join(random.sample(string.ascii_letters,8)); print(crypt.crypt('MySecretPassword', '\$6\$%s\$' % randomsalt))"
---
$6$HMpFTkgb$WqzuqMqYbjWsXFrOtvZPo.1gIkH6HiXJGr4QPv.k26jE.3mE.sdf3dds[...]
I hope these commands will be helpful.
Just don't forget to replace MySecretPassword with YourSecretPassword.
As you can see, it is really very easy to generate hashes for /etc/shadow from the Linux command line using Python, particularly because Python is installed by default on most Linux distributions.
Since this page is ranked quite high, I have to say that the random module from Python MUST NOT be used to generate cryptographically secure strings. Use the secrets module as described in https://docs.python.org/3/library/secrets.html
The salt is not a secret, though. It must be unique, which is fulfilled even when using pseudo-random generators.
That’s a great help. I previously had a very basic Perl script for the old DES hashing, but this is a lot more useful, thanks.
A new hash type has come: yescrypt
ID is $y