How to create an encrypted blank password with sha512

First let me explain why I want to do something like that. By the way at the bottom of this article is the one-liner which will do what you want. I just like to write a bit more for those who find it entertaining.

First of all, because it’s fun. So I’m a geek and my idea of fun may be a bit diluted, but finding out how to do it was fun. Secondly it’s just a tad more secure than having a blank in /etc/shadow which is just to easy to spot. And in the third place users with blank password can have annoying limitations. As it should be, I must admit.

And finally, which is actually the reason for having blank passwords in the first place, this computer is used by my little nieces and my mother and I don’t want to burden any of them with a password. Yes I can proudly say that my 9 year old niece has been using Linux for years. 🙂 Who says Linux is hard?

And to anyone having that prejudice I can only suggest trying to install windows by themselves, spend two days rebooting and updating (they go hand in hand) and fixing those annoying update problems and the accompanying incomprehensible error messages. Compare that with installing Linux, which would take you about an hour to have a fully functioning completely updated system with all the programs you need and just those and all of that without needing to have any technical knowledge, provided you choose an easy distribution like Ubuntu or one of its derivatives.

Sorry for my rambling, but I just spend a weekend installing a laptop with a messed up recovery, for which I needed to download the windows aik, burn a windows recovery disk on another pc and use the terrible Microsoft command prompt. And let’s not forget all those nice free programs on windows which all want to install other programs and tool bars you don’t need, or search engines that can’t find a single useful bit of information. And of course each time they update you’ll get the same, all for your convenience.

Enough about my frustration with Windows. So I knew it was possible to have a blank encrypted password, because I know Ubuntu did it. They may still do, but I don’t use it anymore since it wasn’t made for me. I make to many customizations and that doesn’t work well with doing an upgrade to a new version. Arch is my weapon of choice nowadays. Well anyway, let’s get back to the subject at hand.

All the password are stored in /etc/shadow, not the passwords themselves of course, but a salted hash. On this page I found a very good description of the file format. As it says in the comments, it explains a lot of aspects others overlooked. The next question was: “How does one create a salted hash?” To which I found the answer on serverfault. That’s all just nice and fine but I wanted the salt to be random, so that each of my users would have a ‘unique’ password, at least by the look of it, in /etc/shadow. Which meant I needed a random string. That’s where this page helped out.

Combining all that information into one line, you’ll get:


python2 -c 'import crypt; print crypt.crypt("", "$6$'$(date +%s | sha256sum | base64 | head -c 8)'")'

Just copy and paste the line above to your terminal and it will output a random encrypted blank password. This should output something like this:
$6$ZjA1OGQ3MjQyYTY3$LhiJVq8kq9ezxbHjeElvCb8q.99UUFKinNij6eeV.F.NGH4Kw2hHDS6VYVDNwJm66wpxsPYjIoVrVWAOKVJcp/

Pretty nifty, ain’t it? Don’t get mislead by the sha256sum. It’s just for creating the random salt. Python does the encryption and “$6$” means it’s sha512, which is the standard nowadays. Since it’s in python 2, I had to change python from the original post to python2. It might be named differently on your distribution, but that’s how it’s called on Arch. All you need to do now is open /etc/shadow and paste the output string into it. I presume you know how to do that. Otherwise, just follow the link above and read that post.

Advertisements

Tags: , , , , , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: