[CentOS] EL7, grub-crypt?

Wed Aug 27 23:15:59 UTC 2014
Darod Zyree <darodzyree at gmail.com>

2014-08-28 0:51 GMT+02:00 David Goldsmith <dgoldsmith at sans.org>:

> On Aug 27, 2014, at 6:37 PM, Darod Zyree <darodzyree at gmail.com> wrote:
>
> > 2014-08-27 16:07 GMT+02:00 Baptiste Agasse <baptiste.agasse at lyra-network.com>:
> >
> >>
> >>
> >> ----- Mail original -----
> >>> Hi,
> >>>
> >>> What's the new way of creating sha512 passwords in EL7?
> >>
> >>
> >>
> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-GRUB_2_Password_Protection.html#sec-Password_Encryption
> >>
> >>> In Centos6 I used grub-crypt but that does not exist anymore.
> >>> _______________________________________________
> >>> CentOS mailing list
> >>> CentOS at centos.org
> >>> http://lists.centos.org/mailman/listinfo/centos
> >>>
> >>
> >> --
> >> Baptiste AGASSE
> >> Lyra Network, Service Systèmes et Réseaux
> >> 109 Rue de l'innovation, 31670 Labège - France
> >> Tél: (+33)5.67.22.31.87
> >> Fax: (+33)5.67.22.31.61
> >> Mail: baptiste.agasse at lyra-network.com
> >> Site: http://www.lyra-network.com
> >>
> >
> > But this is for creating passwords for grub2, no?
> >
> > I was asking (although might not have been clear enough) on how to get the
> > encrypted values for the shadow file entries.
> > grub-crypt used to be able to do that, returning with the encrypted value
> > of a given passphrase starting with $6$
>
>
> It's the default hash used on EL7 by the “passwd” command.
>
> [root@centos7 etc]# grep dgoldsmith /etc/shadow
> dgoldsmith:$6$IoGARIF2$44lyu/9VjFmGsOW (line truncated)
>
> [root@centos7 etc]# tail -3 /etc/login.defs
> # Use SHA512 to encrypt password.
> ENCRYPT_METHOD SHA512
>
> --
> David Goldsmith
>
Right, sha512 was default for rhel6 too.


Am I failing to understand something?

So, let's say I create a new user account, and it was that password (going
against all common password policies) to be "tree"
without using passwd how do I get the sha512 encrypted value of that
password "tree"?
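
Added example, not part of the original thread: `ENCRYPT_METHOD` in `/etc/login.defs` only governs passwords set from then on, so older `/etc/shadow` entries can keep a weaker `$id$` scheme than the `$6$` shown above. This sketch reads the scheme from each entry's prefix and lists accounts that differ from the configured method; the sample files, account names, salts and hashes are constructed placeholders.

```python
# Added example: compare shadow hash prefixes against ENCRYPT_METHOD.
# All sample data is constructed; salts and hashes are placeholders.

# crypt(3) "$id$" prefixes and the login.defs method name they map to
SCHEMES = {"1": "MD5", "5": "SHA256", "6": "SHA512"}

SAMPLE_LOGIN_DEFS = """\
# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512
"""

SAMPLE_SHADOW = """\
alice:$6$CONSTRUCTEDSALT$PLACEHOLDERHASH:16309:0:99999:7:::
bob:$1$CONSTRUCTEDSALT$PLACEHOLDERHASH:16309:0:99999:7:::
carol:$6$rounds=5000$CONSTRUCTEDSALT$PLACEHOLDERHASH:16309:0:99999:7:::
daemon:*:16309:0:99999:7:::
dave:!!:16309:0:99999:7:::
erin:!$6$CONSTRUCTEDSALT$PLACEHOLDERHASH:16309:0:99999:7:::
"""

def configured_method(login_defs_text):
    """Return the ENCRYPT_METHOD value from login.defs text, or None."""
    for line in login_defs_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] == "ENCRYPT_METHOD":
            return fields[1].upper()
    return None

def classify(field):
    """Return (scheme, locked) for one shadow password field."""
    locked = field.startswith("!")        # leading "!" marks a locked password
    body = field.lstrip("!")
    if body == "*" or (locked and body == ""):
        return "no-login", True           # no usable password hash stored
    if body == "":
        return "empty", False             # account with an empty password
    if body.startswith("$"):
        ident = body.split("$")[1]        # "$6$salt$hash" -> "6"
        return SCHEMES.get(ident, "unknown:" + ident), locked
    return "DES", locked                  # no "$id$" prefix: traditional crypt

def audit(shadow_text, login_defs_text):
    """List (user, scheme) for entries whose scheme differs from ENCRYPT_METHOD."""
    want = configured_method(login_defs_text)
    findings = []
    for line in shadow_text.splitlines():
        if ":" not in line:
            continue
        user, field = line.split(":")[:2]
        scheme, _locked = classify(field)
        if scheme not in ("no-login", want):
            findings.append((user, scheme))
    return findings
```
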