hashy
About
hashy
is a CLI tool and Go library for inspection and manipulation of password hashes, such as you may find in /etc/shadow
on Unix systems.
It may be useful to sysadmins or security researchers.
WARNING
Many of the password hash functions implemented in this module are known to be insecure or bad practice.
You probably should not use this module for hashing passwords in any modern application.
Features
- Generate a password hash (similar to
mkpasswd
(code, manpage))
- Identify the format of a password hash (similar to
hash-identifier
)
- Check if a password matches a password hash
- Support a wide range of password hash functions (still a WIP, see the table below)
- Written in pure Go (no cgo)
Design philosophy
hashy
aims for simplicity and good documentation.
It does not aim for speed or to be useful for cracking password hashes; use hashcat for that.
Supported password hash functions
Development work is currently targeting common Linux password hash functions.
If you are interested in a function not listed below please open an issue with documentation / implementation links.
Unix crypt() functions
|
Supported |
Best practice? |
bcrypt |
⏳ |
- |
md5crypt |
✅ |
No, CVE |
scrypt |
⏳ |
- |
sha1crypt |
✅ |
No |
sha256crypt |
✅ |
No |
sha512crypt |
✅ |
No |
yescrypt |
⏳ |
- |
Other software
|
Supported |
Best practice? |
MariaDB/MySQL OLD_PASSWORD() |
✅ |
No, CVE |
Install and Use
Download the latest release binary for your platform, drop it into your $PATH
, and run:
hashy --help
Develop and Build
Clone the git repository locally and run:
make
References / Prior art
These projects were referenced to understand the password hash functions implemented by hashy
:
In addition, hash-identifier
inspired the id
functionality.