Go to main content

man pages section 1: User Commands

Exit Print View

Updated: Thursday, June 13, 2019
 
 

pwhash (1)

Name

pwhash - generate password hashes

Synopsis

pwhash [ -a <hashalgorithm> | -s <salt>] [ -u <user> ] 

Description

With no arguments pwhash prompts for input (and reconfirms) and generates a password hash by using crypt_gensalt(3C) followed by crypt(3C), and then displays the generated hash on stdout.

If input is redirected from stdin then that is used instead. The password is only required once on stdin. When reading from stdin, if the last character is a newline, it is discarded.

Options

The following options are supported:

–a
–-algorithm=<algorithm>

Specifies a preference for the algorithm. If the algorithm is not allowed or does not exist, an error is shown.

The values are as per the key in crypt.conf(5). For example, __unix__, 1, md5, 2a, 5, and 6.

–s
–-salt=<salt>

Full specification of the algorithm and salt. This option bypasses the crypt_gensalt(3C) call and instead passes the supplied salt directly to crypt(3C). This option is mutually exclusive with –a.

–u
–-user=<user>

Specifies the username to be used with crypt_gensalt(3C). Note that while the API allows for it, no current plugins delivered with Oracle Solaris for crypt_gensalt(3C) make use of this.

If the user is not found then an error is returned and no hash is generated.

–h
–-help

Displays the usage message.

Examples

Example 1 Generating a SHA256 Based Hash Typing in the Password

The following example generates a SHA256 based hash typing in the password.

$ pwhash -a 5 
Password: 
Re-enter Password: 
$5$DA/w/BgH$cB394/iYqj6pk/J6W0smfmKsGrYSGeWUvHsIMnUaZh. 
Example 2 Generating a Hash Using the System Default Algorithm Using stdin

The following example generates a hash by using the system default algorithm using stdin.

$ pwhash <<EOM 
Ap@ssW0rdOnStdIN 
EOM 
$5$abaev.V6$9uyBXruzgbZn/OhqtIbvrjHpuoyDFbkQkJ47pdZA/JC 
Example 3 Generating a Hash Using an Existing Salt Specification

The following example generates a hash by using an existing salt specification.

$ pwhash -s '$5$abaev.V6$' 
     Password: 
     Re-enter Password: 
     $5$abaev.V6$0pPY.0X/4tsis67eCsMdJ63NO9cfHKokKvjtTOQ80jA 
Example 4 Attempting to Generate a Hash Using a Deprecated Algorithm

The following example attempts to generate a hash by using a deprecated algorithm

$ pwhash -a __unix__ 
Requested algorithm not allowed by current crypt policy, see 
policy.conf(5).

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Interface Stability

See Also

crypt(3C), crypt_gensalt(3C), policy.conf(5), crypt.conf(5)