Creating SHA512 Password Hashes

Posted on March 24, 2011 by jjneely

Need to generate password hashes? Perhaps to distribute the hash of the root password to all your machines? Easy, just whip out openssl. Until you realize that there is no support for SHA2 password hashes.

I hate re-inventing the wheel, but my searching did not turn up a good way to generate SHA512 password hashes reasonably. So I wrote a bit of Python to do it. It will output crypt(), MD5, and SHA512 hashes for a given password.

http://linuxczar.net/code/hashpw.py

This takes advantage of GNU libc extensions, so it may not be uber portable. Also, I had to write my own salt generation method. It provides 8 character random salts but could be better.

All semi-modern Linux distributions support SHA512 password hashes now. Red Hat has backported the support to RHEL 4.7 and RHEL 5.3. So any reasonably updated RHEL/CentOS machine will work.

Mental Note: Generating x509 Certificates and CAs

Posted on September 28, 2010 by jjneely

No one can remeber the incantations required to generate x509 certificates with openssl. One of the things I always dislike having to look up every time I need such.

The following site has a great reference, Makefiles, and configuration for generating your CA, keys, and host certificates en mass. I found it useful and am writing it down so I find it useful again.

http://sial.org/howto/openssl/ca/

Linux Czar

Talk of Linux and Technology carefully hidden inside the academic world.

Tag Archives: openssl

Creating SHA512 Password Hashes

Mental Note: Generating x509 Certificates and CAs