News, tips, partners, and perspectives for the Oracle Solaris operating system

Generating a crypt_sha256 hash from the CLI

Darren Moffat
Senior Software Architect

When doing a completely hands off Solaris installation the System Configuration profile needs to contain the hash for the root password, and the optional inital non root user.

Unfortunately Solaris doesn't currently provide a simple to use command for generating these hashes, but with a very simple bit of Python you can easily create them:

import crypt, getpass, os, binascii
if __name__ == "__main__":
cleartext = getpass.getpass()
salt = '$5$' + binascii.b2a_base64(os.urandom(8)).rstrip() + '$'
print crypt.crypt(cleartext, salt)



Join the discussion

Comments ( 5 )
  • DavidC Saturday, February 23, 2013

    Another option:

    $ openssl dgst -sha256 test.pl

    SHA256(test.pl)= 842ca972dedf55aac6c771040d0e863eeb44fa7307ae110031bab0705be2a91c

  • DavidC Tuesday, February 26, 2013

    Yes, after reviewing the link you posted I was waaay off base. Learn something new everyday. Thanks!

  • Mique Tuesday, November 5, 2013

    Are you sure the salt passed to crypt.crypt should include the leading '$5$' and trailing '$'??

  • Darren J Moffat Monday, November 11, 2013

    Mique, yes because this is a crypt(3C) salt, the reason for the $5$ is to ensure we use that hash algorithm. If I was writting this in C code I'd use the Solaris crypt_gensalt() function which uses the policy.conf(4) settings to determine which hash to select.

  • Ludovic Kuty Friday, August 28, 2015

    Thanks, it proved very useful

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.