# [SOLVED] manually hash passwords

## dpaddy

I am root, and know what plaintext password was used for user foo.

Given that information, how can I manually create the entry for user foo that I find in /etc/shadow?

At this point I appreciate the fact that various files can influence how the entry for user foo in /etc/shadow is created.

But what files do I look at, what information do I extract from those files (and how), and then how do I use the information obtained together with knowledge of the plaintext password used for user foo to obtain the entry for user foo that I find in /etc/shadow?

I have seen https://forums.gentoo.org/viewtopic-t-677261-highlight-openssl+passwd.html but can't make things work.

What I find in /etc/shadow is

foo:$1$5xo...:17407:0:99999:7:::

where '...' indicates characters I have omitted, but

openssl passwd -1 -salt \$1 plaintext_password 

does not produce what is in /etc/shadow.  What does  :Question: Last edited by dpaddy on Thu Aug 31, 2017 7:33 pm; edited 1 time in total

----------

## fedeliallalinea

From internet (never tested):

```
# emerge whois

# mkpasswd -m sha-512 PASSWORD
```

----------

## dpaddy

You may have nudged me in the right direction, but I still do not get what is stored in /etc/shadow...

Every time I execute 

```
 mkpasswd -m sha-512 PASSWORD 
```

I get a different answer.

I conjecture that has to do with (random?) salt...  But where is the salt for user foo stored -- and how do I extract it -- so that I can use it to generate the hash of foo's password?

----------

## dpaddy

I had previously looked (for quite some time, finding nothing that worked), but this time found the answer:

https://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/

Thanks

----------

## fedeliallalinea

 *dpaddy wrote:*   

> I conjecture that has to do with (random?) salt...  But where is the salt for user foo stored -- and how do I extract it -- so that I can use it to generate the hash of foo's password?

 

```
$ mkpasswd -m sha-512 test -s xxxxxxxx

$6$xxxxxxxx$En/.y52/cZHAwsz.3QyXMCNpW8H7uHgWY4xS3rurbDH3atFhh2nCspgYuq1wWUK9F/Qz2r3r5Z6wP4Jepydsi1

   \______/

     salt
```

----------

## szatox

Do you have an actual reason to do that manually?

Why not just go for:

```
# passwd foo
```

You could also use it's batch-oriented counterpart, chpasswd if you needed a non-interactive tool.

----------

