Home Linux Commands How to Generate Encrypted Password Hashes with mkpasswd Command

How to Generate Encrypted Password Hashes with mkpasswd Command

In today’s digital world, every user of information technology desires to enhance the security of their computer to secure their digital assets. For this purpose, passwords are utilized as a protective measure.

However, due to the escalating rates of cybercrime, these passwords require hashing, a process that transforms them into fixed-length strings of characters, making their modification unchangeable, which makes it difficult for hackers to crack/guess your password.

To fulfill this emerging demand, Linux offers an incredible command-line password hashing algorithm known as the “mkpasswd” command which stands out as a commonly utilized command.

This guide will cover the process of installing mkpasswd to generate encrypted password hashes or password-based encryption keys in Linux.

Install mkpasswd in Linux

The ‘mkpasswd‘ command is used to generate SHA-512 encrypted password hashes or password-based encryption keys to enhance the security of your Linux distribution.

To install mkpasswd on a Linux system, you can use the package manager specific to your distribution as shown.

$ sudo apt install whois        [On Debian, Ubuntu and Mint]
$ sudo yum install expect       [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
$ sudo emerge -a whois          [On Gentoo Linux]
$ sudo apk add mkpasswd         [On Alpine Linux]
$ sudo pacman -S whois          [On Arch Linux]
$ sudo zypper install whois     [On OpenSUSE]    

Now that you’ve installed the “mkpasswd” command, let’s dive into the syntax of this incredible utility.

$ mkpasswd [OPTIONS]... [PASSWORD [SALT]]

Let’s break it down to get a better understanding:

  • Options (also known as “flags”) – They are used to change the conduct/behavior of the command.
  • Password – This indicates the password for which an encrypted hash is to be generated.
  • Salt – This is an optional value utilized in the process of encryption to enhance the security of the password hash.

To create a password hash, we require the “Type”, “Password”, and “Salt” parameters. In case any of these parameters are missing:

  • Type – Omitting the “type” parameter would lead to an error message. By using the “mkpasswd --help” command, you can list the password hash types.
  • Password – If the “password” parameter is missing, the command will prompt the user to enter the password.
  • Salt – If the “salt” parameter is omitted, a random one will be selected based on the Linux distribution you are using.

To see the brief introduction along with the options and usage, you can type.

$ mkpasswd --help
mkpasswd Command Help
mkpasswd Command Help

How to Generate MD5 Password Hash With a Salt

The MD5 algorithm (which stands for Message Digest Algorithm 5) is a cryptographic hash function utilized to produce a hash value of 128 bits (16 bytes).

To create a specified password hash with a designated salt, you can employ the '-m' flag for the hash and the '-S' flag to provide the salt.

Let’s execute the stated command to create the MD5 password hash with “UMsalt12” salt, for the password “UbuntuMintPassword”.

$ mkpasswd -m md5 -S UMsalt12 UbuntuMintPassword


How to Save Generated Hash in a File

In scenarios where you wish to maintain a record of the generated password hashes, Linux offers a convenient way to automatically save them in a file on your system.

You can achieve this by using the right-angle brackets '>>' followed by the file’s name to redirect the password hashes into that file, as shown below:

$ mkpasswd -m md5 -S UMsalt12 UbuntuMintPassword >> output.txt

After executing this command, the generated password hashes will be appended to the “output.txt” file.

To view the content stored in the “output.txt” file, you can use the cat command as shown.

Save Generated Hash in File
Save Generated Hash in File

How to Generate SHA-256 Password Hash Without Salt

In some instances, you may not specify a particular salt for your hash. In this situation, Linux will automatically select a random salt value for your hash!

The random choice of the salt depends on the version of your Linux distribution. Hence, it varies from system to system. To achieve an unsystematic selection of a salt value, simply exclude the '-S' flag within the command.

To create an SHA-256 password hash for the password “UbuntuMintPassword” without explicitly indicating a salt, execute the following command:

$ mkpasswd -m sha-256 UbuntuMintPassword


Note: The SHA-256 is a cryptographic hashing function that takes an input of variable length and produces a 256-bit long hash output.

How to Generate SHA-256 Password Hash With Salt and Number of Rounds

Moving forward, let’s elevate your password security with an added layer of protection by generating an SHA-512 Password Hash. By specifying a salt and a designated number of rounds, you can enhance the strength of your password.

The more the number of rounds you specify, the more difficult it is for cyber criminals to crack your password! This is because the number of rounds directly impacts the time and computational resources required for hash computation.

Let’s execute this command to specify 1000 rounds using the '-R' flag, along with the “UMsalt12” salt and SHA-512 hash for the password “UbuntuMintPassword”.

$ mkpasswd -m sha-512 -S UMsalt12 -R 10000 UbuntuMintPassword


How to Generate SHA-256 Hash from Password File

Now let’s delve into passing an input string to generate a hashed password by utilizing the echo command to provide the input string “UbuntuMintPassword“.

Additionally, make use of the '-m' flag to specify the SHA-256 hashing algorithm, and include the '-s' flag, which instructs the command to read the password from the provided input:

$ echo "UbuntuMintPassword" | mkpasswd -m sha-256 -s


How to Create MD5 Password Hash Using File Contents as Input

Next, let’s use the contents of a file as input to create an MD5 password hash and store the result in the same file.

In this context, we’ll work with the file named “UbuntuMint.txt” which provides the contents of file to the “mkpasswd” command using the '-P 3' option defines that you read the password from file descriptor 3.

The '3< UbuntuMint.txt' establishes the connection between file descriptor 3 and the “UbuntuMint.txt” file:

$ mkpasswd -m md5 -P 3 < UbuntuMint.txt 3< UbuntuMint.txt
Create MD5 Password Hash Using File Contents
Create MD5 Password Hash Using File Contents

How to Create a Hash Generator Bash Script

Finally, let’s streamline the password hash encryption process through automation. As the “mkpasswd” command facilitates you to make hash generators stored in a bash file.

All you’ll have to do is to call the file and the hash generator will start processing and you will be freed from the need of using the “mkpasswd” command again and again.

To do so, create a file named “UbuntuMintHashGenerator.sh” using the nano editor:

$ nano UbuntuMintHashGenerator.sh

Now copy and paste this code to your file.


echo "Welcome to UbuntuMint Hash Generator"
echo "----------------------------------------"

generate_hash() {
	echo "Password Hashing Script"
	echo "1. MD5"
	echo "2. SHA-256"
	read -p "Choose a hash method (1/2): " method

	if [ "$method" == "1" ]; then
	elif [ "$method" == "2" ]; then
    	echo "Invalid choice."

	read -p "Enter the salt (leave blank for default): " salt
	read -p "Enter the number of rounds (leave blank for default): " rounds

	read -p "Enter the password you want to hash: " password

	command="mkpasswd -m $hash_method"
	if [ ! -z "$salt" ]; then
    	command="$command -S $salt"
	if [ ! -z "$rounds" ]; then
    	command="$command -R $rounds"

	hash=$(echo "$password" | $command -s)
       echo "---------------------------------------------------------"
       echo " Generated hash: $hash"
       echo "---------------------------------------------------------"

while true; do

	read -p "Do you want to generate another hash? (y/n): " choice
	if [ "$choice" != "y" ]; then
    	echo "Good Bye!"

Here is a brief explanation of what this bash script is doing:

  • It firstly welcomes the user to Ubuntu Hash Generator.
  • Then it asks the user about the password hashing script of his choice. Here we’ve given the option of MD5 and SHA-256.
  • Furthermore, the user is asked to enter the desired salt and number of rounds (optional). If the user does not want to enter any salt or number of rounds, simply leave it blank.
  • After this, the user will be asked to enter the password for which hash is to be generated.
  • Now, after getting all inputs from the user, the hash will be generated and displayed on the console.
  • Lastly, the script offers the user a choice: they can decide whether to generate a hash for another password or exit the program.

Save the file after pasting the code in it and exit by pressing the “CTRL + O” keys.

To make this script executable, you’ll need to use the chmod command to change its permission to .executable. After that, you can use the './' prefix followed by the respective file name to run the script.

$ chmod +x UbuntuMintHashGenerator.sh
$ ./UbuntuMintHashGenerator.sh

After the execution of the script, carefully follow the instructions provided by the script and input the necessary parameters to generate your desired password hash.

Ubuntu Hash Generator Bash Script
Ubuntu Hash Generator Bash Script

In today’s digital world, enhancing the security of personal information is a highly demanded desire of computer users. For this purpose, we hash passwords using different algorithms.

This guide provides comprehensive detail about the “mkpasswd” command in Linux which helps in hashing passwords to ensure their protection. We have also explored several examples to explain the use of this beneficial command.

Ravi Saive
I am an Experienced GNU/Linux expert and a full-stack software developer with over a decade in the field of Linux and Open Source technologies. Founder of TecMint.com, LinuxShellTips.com, and Fossmint.com. Over 150+ million people visited my websites.

Each tutorial at UbuntuMint is created by a team of experienced writers so that it meets our high-quality standards.

Was this article helpful? Please add a comment to show your appreciation and support.

Got something to say? Join the discussion.

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published or shared. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.