2014-08-28 0:51 GMT+02:00 David Goldsmith <dgoldsmith at sans.org>: > On Aug 27, 2014, at 6:37 PM, Darod Zyree <darodzyree at gmail.com> wrote: > > > 2014-08-27 16:07 GMT+02:00 Baptiste Agasse < > baptiste.agasse at lyra-network.com > >> : > > > >> > >> > >> ----- Mail original ----- > >>> Hi, > >>> > >>> Whats the new way of creating sha512 passwords in EL7? > >> > >> > >> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-GRUB_2_Password_Protection.html#sec-Password_Encryption > >> > >>> In Centos6 I used grub-crypt but that does not exist anymore. > >>> _______________________________________________ > >>> CentOS mailing list > >>> CentOS at centos.org > >>> http://lists.centos.org/mailman/listinfo/centos > >>> > >> > >> -- > >> Baptiste AGASSE > >> Lyra Network, Service Systèmes et Réseaux > >> 109 Rue de l'innovation, 31670 Labège - France > >> Tél: (+33)5.67.22.31.87 > >> Fax: (+33)5.67.22.31.61 > >> Mail: baptiste.agasse at lyra-network.com > >> Site: http://www.lyra-network.com > >> _______________________________________________ > >> CentOS mailing list > >> CentOS at centos.org > >> http://lists.centos.org/mailman/listinfo/centos > >> > > > > But this is for creating passwords for grub2, no? > > > > I was asking (altough might not have been clear enough) on how to get the > > encrypted values for the shadow file entries. > > grub-crypt used to be able to do that, returning with the encrypted value > > of a given passphrase starting with $6$ > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > Its the default hash used on EL7 by the “passwd” command. > > [root at centos7 etc]# grep dgoldsmith /etc/shadow > dgoldsmith:$6$IoGARIF2$44lyu/9VjFmGsOW (line truncated) > > [root at centos7 etc]# tail -3 /etc/login.defs > # Use SHA512 to encrypt password. > ENCRYPT_METHOD SHA512 > > -- > David Goldsmith > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > Right, sha512 was default for rhel6 too. Am I failing to understand something? So, lets say I create a new user account, and it was that password (going against all common password policies) to be "tree" without using passwd how do i get the sha512 encrypted value of that password "tree"