X

News, tips, partners, and perspectives for the Oracle Solaris operating system

Generating a crypt_sha256 hash from the CLI

Darren Moffat
Senior Software Architect

When doing a completely hands off Solaris installation the System Configuration profile needs to contain the hash for the root password, and the optional inital non root user.

Unfortunately Solaris doesn't currently provide a simple to use command for generating these hashes, but with a very simple bit of Python you can easily create them:

#!/usr/bin/python
import crypt, getpass, os, binascii
if __name__ == "__main__":
cleartext = getpass.getpass()
salt = '$5$' + binascii.b2a_base64(os.urandom(8)).rstrip() + '$'
print crypt.crypt(cleartext, salt)



                                         
    
                    
          
        
              
       

                                
                                                                

Join the discussion

Comments ( 5 )
  • DavidC Saturday, February 23, 2013

    Another option:

    $ openssl dgst -sha256 test.pl

    SHA256(test.pl)= 842ca972dedf55aac6c771040d0e863eeb44fa7307ae110031bab0705be2a91c


  • DavidC Tuesday, February 26, 2013

    Yes, after reviewing the link you posted I was waaay off base. Learn something new everyday. Thanks!


  • Mique Tuesday, November 5, 2013

    Are you sure the salt passed to crypt.crypt should include the leading '$5$' and trailing '$'??


  • Darren J Moffat Monday, November 11, 2013

    Mique, yes because this is a crypt(3C) salt, the reason for the $5$ is to ensure we use that hash algorithm. If I was writting this in C code I'd use the Solaris crypt_gensalt() function which uses the policy.conf(4) settings to determine which hash to select.


  • Ludovic Kuty Friday, August 28, 2015

    Thanks, it proved very useful


Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.