Generating a secure sha512 crypt() / htpasswd / passwd hash

The /etc/passwd hash system, as well as the htpasswd files used by Apache and nginx, all use an underlying system call called crypt to generate and verify secure password hashes.

Attempting to generate these hashes programmatically is a bit of a nightmare for some reason, and googling mostly gets you terrible results.

Here is the simplest portable approach I'm aware of to generate hashes.

python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.hash(getpass.getpass('clear-text password: ')))"

Depending on where the hash is being checked, you might need to alter the number of rounds. The default setting is suitable for a Unix password, but not great for an HTTP basic auth password, as it takes around 500ms to check and basic auth credentials are verified on every request.

print(sha512_crypt.using(rounds=5000).hash(getpass.getpass('clear-text password: ')))
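
The rounds setting is stored in the hash string itself, so an existing htpasswd file can be checked for entries that will be slow to verify. The following is an added example, not code from the original post: the function names and the max_rounds threshold are hypothetical, and the sample entries are constructed with filler digests.

```python
import re

# sha512_crypt layout: $6$[rounds=N$]salt$digest (salt <= 16 chars, digest 86 chars)
SHA512_CRYPT = re.compile(
    r"^\$6\$(?:rounds=(?P<rounds>[1-9][0-9]*)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{0,16})\$(?P<digest>[./0-9A-Za-z]{86})$"
)
IMPLICIT_ROUNDS = 5000  # crypt() uses 5000 when the rounds= field is absent


def parse_sha512_crypt(hash_str):
    """Return (rounds, salt) for a sha512_crypt hash, or None if it is not one."""
    m = SHA512_CRYPT.match(hash_str)
    if m is None:
        return None
    rounds = int(m.group("rounds")) if m.group("rounds") else IMPLICIT_ROUNDS
    return rounds, m.group("salt")


def audit_htpasswd(text, max_rounds=IMPLICIT_ROUNDS):
    """Classify each user:hash[:comment] line as 'ok', 'slow' or 'not-sha512-crypt'."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        parts = line.split(":", 2)  # nginx allows a trailing :comment field
        user, hash_str = parts[0], parts[1]
        parsed = parse_sha512_crypt(hash_str)
        if parsed is None:
            report[user] = ("not-sha512-crypt", None)
        elif parsed[0] > max_rounds:
            report[user] = ("slow", parsed[0])
        else:
            report[user] = ("ok", parsed[0])
    return report


# Constructed sample: the digests are filler, not real password hashes.
SAMPLE = "\n".join([
    "alice:$6$rounds=656000$saltsaltsaltsalt$" + "x" * 86,
    "bob:$6$saltsaltsaltsalt$" + "x" * 86,
    "carol:$apr1$saltsalt$" + "y" * 22,
])

if __name__ == "__main__":
    for user, (status, rounds) in audit_htpasswd(SAMPLE).items():
        print(user, status, rounds)
```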


Credit goes to Danny for finding this.