md5pass

md5pass
(reads password from standard input or prompts)

md5pass is a utility designed to generate MD5-encrypted password hashes, primarily for use in system password files like /etc/shadow. It reads a password from standard input or prompts the user for it, then applies the MD5 hashing algorithm along with a randomly generated salt to produce a secure, one-way hash.

This hash format is typically prefixed with $1$ and is compatible with systems that use MD5-based password encryption (e.g., Linux, FreeBSD). Its simplicity makes it useful for scripting password changes or generating hashes for new user accounts, although more modern and stronger hashing algorithms are generally preferred for new deployments.

1. Availability: md5pass is not a standard command on all Linux distributions. Users might find mkpasswd (from the whois package) or openssl passwd as more widely available alternatives for generating various types of password hashes.

2. Security: While MD5 was once widely used for password hashing (often referred to as MD5crypt or apr1-md5), it is now considered cryptographically weak compared to modern algorithms. For password hashing, modern systems increasingly prefer stronger algorithms like SHA-256 or SHA-512 with a high number of rounds (e.g., sha512crypt). While md5pass uses a random salt, MD5 itself is faster to brute-force than newer algorithms. It is generally recommended to use more robust hashing schemes for new password entries if the system supports them.

3. No direct salt control: Many md5pass implementations do not offer direct control over the salt, generating a random one automatically. While convenient for basic use, this lacks flexibility for specific scenarios.

The command expects the password to be provided via standard input (e.g., echo "secret" | md5pass) or by prompting the user interactively if standard input is not redirected. It does not typically accept the password as a command-line argument for security reasons (to prevent it from appearing in shell history or process listings).

The output is a single string representing the MD5-hashed password, usually in the format $1$SALT$HASH. This format includes the algorithm identifier ($1$), the generated salt, and the final hash, making it directly usable in files like /etc/shadow.

md5pass emerged as a utility alongside the adoption of MD5-based password hashing in Unix-like systems, notably in FreeBSD and later in Linux for the /etc/shadow file format. It provided a simple, dedicated tool for generating these specific hashes, building upon the crypt(3) library function's capability to use MD5.

Its usage has somewhat diminished with the rise of more general password hashing tools like mkpasswd and the move towards stronger hashing algorithms (SHA-256, SHA-512) for enhanced security in modern operating systems.

passwd(1), useradd(8), crypt(3), mkpasswd(1), openssl(1)