hashy is a CLI tool and Go library for inspection and manipulation of password hashes, such as you may find in /etc/shadow on Unix systems.
It may be useful to sysadmins or security researchers.
WARNING
Many of the password hash functions implemented in this module are known to be insecure or bad practice. You probably should not use this module for hashing passwords in any modern application.
- Generate a password hash (similar to
mkpasswd(code, manpage)) - Identify the format of a password hash (similar to
hash-identifier) - Check if a password matches a password hash
- Support a wide range of password hash functions (still a WIP, see the table below)
- Written in pure Go (no cgo)
hashy aims for simplicity and good documentation.
It does not aim for speed or to be useful for cracking password hashes; use hashcat for that.
Development work is currently targeting common Linux password hash functions. If you are interested in a function not listed below please open an issue with documentation / implementation links.
| Supported | WIP |
|---|---|
| ✅ | ⏳ |
| Supported | Best practice? | |
|---|---|---|
| bcrypt | ⏳ | - |
| md5crypt | ✅ | No, CVE |
| scrypt | ⏳ | - |
| sha1crypt | ✅ | No |
| sha256crypt | ✅ | No |
| sha512crypt | ✅ | No |
| yescrypt | ⏳ | - |
| Supported | Best practice? | |
|---|---|---|
MariaDB/MySQL OLD_PASSWORD() |
✅ | No, CVE |
Download the latest release binary for your platform, drop it into your $PATH, and run:
hashy --help
Clone the git repository locally and run:
make
These projects were referenced to understand the password hash functions implemented by hashy:
In addition, hash-identifier inspired the id functionality.