2014-08-28 1:15 GMT+02:00 Darod Zyree <darodzyree at gmail.com>: > 2014-08-28 0:51 GMT+02:00 David Goldsmith <dgoldsmith at sans.org>: > > > On Aug 27, 2014, at 6:37 PM, Darod Zyree <darodzyree at gmail.com> wrote: > > > > > 2014-08-27 16:07 GMT+02:00 Baptiste Agasse < > > baptiste.agasse at lyra-network.com > > >> : > > > > > >> > > >> > > >> ----- Mail original ----- > > >>> Hi, > > >>> > > >>> Whats the new way of creating sha512 passwords in EL7? > > >> > > >> > > >> > > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-GRUB_2_Password_Protection.html#sec-Password_Encryption > > >> > > >>> In Centos6 I used grub-crypt but that does not exist anymore. > > >>> _______________________________________________ > > >>> CentOS mailing list > > >>> CentOS at centos.org > > >>> http://lists.centos.org/mailman/listinfo/centos > > >>> > > >> > > >> -- > > >> Baptiste AGASSE > > >> Lyra Network, Service Systèmes et Réseaux > > >> 109 Rue de l'innovation, 31670 Labège - France > > >> Tél: (+33)5.67.22.31.87 > > >> Fax: (+33)5.67.22.31.61 > > >> Mail: baptiste.agasse at lyra-network.com > > >> Site: http://www.lyra-network.com > > >> _______________________________________________ > > >> CentOS mailing list > > >> CentOS at centos.org > > >> http://lists.centos.org/mailman/listinfo/centos > > >> > > > > > > But this is for creating passwords for grub2, no? > > > > > > I was asking (altough might not have been clear enough) on how to get > the > > > encrypted values for the shadow file entries. > > > grub-crypt used to be able to do that, returning with the encrypted > value > > > of a given passphrase starting with $6$ > > > _______________________________________________ > > > CentOS mailing list > > > CentOS at centos.org > > > http://lists.centos.org/mailman/listinfo/centos > > > > > > Its the default hash used on EL7 by the “passwd” command. > > > > [root at centos7 etc]# grep dgoldsmith /etc/shadow > > dgoldsmith:$6$IoGARIF2$44lyu/9VjFmGsOW (line truncated) > > > > [root at centos7 etc]# tail -3 /etc/login.defs > > # Use SHA512 to encrypt password. > > ENCRYPT_METHOD SHA512 > > > > -- > > David Goldsmith > > > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > > Right, sha512 was default for rhel6 too. > > > Am I failing to understand something? > > So, lets say I create a new user account, and it was that password (going > against all common password policies) to be "tree" > without using passwd how do i get the sha512 encrypted value of that > password "tree" > This thread on Server Fault[1] suggests the following one-liner: python -c 'import crypt; print crypt.crypt("tree", "$6$random_salt")' - Jitse [1] http://serverfault.com/questions/330069/how-to-create-an-sha-512-hashed-password-for-shadow