On 10/23/2015 10:44 PM, Peter Maloney wrote:
> Not sure that's really right either... maybe it corrects the error for
> you though.
>
> The easiest way to make a proper crypted password is either to use
> usermod, passwd, as normal and then copy from /etc/shadow, or use
> mkpasswd.
>
> Here's a proper example with salt and a proper algorithm:
> # mkpasswd -m SHA-256 -s <<< "hi"
> $5$aiIZoKuCb81Ki$tBcSFQfyetVkJ03TXX5ftw/XJD27Qt5pTABGz7gdUM/
>
> Here is the obsolete insecure md5 algorithm as you have used before.
> You can see here the "$1$..." means it is md5, and is the proper way
> to format it unlike in the simple output you have with ".... | md5sum"
> used.
> # mkpasswd -m md5 -s <<< "hi"
> $1$SFSi8luS$jzco491ys2fylaH8ILLpC.
>
> See man 3 crypt for the details on the format and what it all means.
>
> To install mkpasswd, install the "whois" package.
>
Just in case someone reading needs more info...

In my examples "hi" was the password.

Without a salt, a cracker can crack your hash in an instant using a
rainbow table. Without a rainbow table, an md5sum can be cracked in a
short time, but an sha256 would take much longer; if you have a computer
with 4 high end dual slot double GPUs to do the cracking, maybe it takes
a few weeks.

Also I recommend using a temporary password and changing it after you
use preseed since you probably aren't storing your preseed file securely
anyway... pxe stuff uses tftp and http which doesn't encrypt anything.