Starting with openssl v3.0.0 one can generate the Traccar password hash with the openssl CLI as well.
Example for linux users:
# generate a random salt in hexadecimal format
salt="$(dd if=/dev/urandom bs=24 count=1 status=none | xxd -p)"
# generate the password hash
openssl kdf -keylen 24 -kdfopt digest:sha1 -kdfopt pass:put_the_password_here -kdfopt hexsalt:$salt -kdfopt iter:1000 pbkdf2
Since openssl v3.0.0+ is quite new (at the time I write this comment), not too many linux distributions have it installed by default. Usually people have OpenSSL v1.1.1+.
One can get an OpenSSL v3.0.0 CLI from the conan package manager.
If you already have python and pip, then it's quite easy:
pip install conan
mkdir openssl_workdir
cd openssl_workdir
conan install openssl/3.0.1@ -r=conancenter -g deploy
ls -al openssl/bin/openssl
And don't forget to reference this new openssl CLI by specifying the proper path for it:
./openssl/bin/openssl kdf -keylen 24 -kdfopt digest:sha1 -kdfopt pass:put_the_password_here -kdfopt hexsalt:$salt -kdfopt iter:1000 pbkdf2
This is cool, thanks for sharing.
If somebody uses the embedded H2 database with Traccar (as I do since I only use it for myself, i.e. a single user with a single device, which means a minuscule load to handle), then here's a complete example on how to update a user's password from a shell (or shell script):
# generate a random salt
salt="$(dd if=/dev/urandom bs=24 count=1 status=none | xxd -p)"
# generate the password hash from the contents of the "password" variable (which you've to set yourself to the new cleartext password)
hash="$(openssl-3.0.1 kdf -keylen 24 -binary -kdfopt digest:sha1 -kdfopt "pass:$password" -kdfopt "hexsalt:$salt" -kdfopt iter:1000 pbkdf2 | xxd -p)"
# uncomment the following line to print out both the salt and the password hash (if you want to)
#echo -e "salt: $salt\nhash: $hash"
# set the value of "tchome" to the path of the Traccar directory
tchome="/opt/traccar"
# and finally update the password (and salt) of the default "admin" user
java -cp "$tchome/lib/h2-"*".jar" org.h2.tools.Shell -url "jdbc:h2:$tchome/data/database" -user sa -sql "update tc_users set hashedpassword='$hash', salt='$salt' where email = 'admin';"
Remember to stop the Traccar service before you run this or you'll get a "file is locked" exception. The H2 client in Traccar locks the database to ensure its consistency/health since H2 is not designed for being written to in parallel by multiple processes.
Long time ago, this post was made, but it is no longer valid.
I wonder if anyone have updated that version.
in case that someone needs to create an account in traccar users table:
$name = "the_name"; $email = "the_email"; $password = "the_password"; $string = mcrypt_create_iv(24, MCRYPT_DEV_URANDOM); $salt = strtoupper(bin2hex($string)); $hash = hash_pbkdf2("sha1", $password, $string, 1000, 24, true); $hash = strtoupper(bin2hex($hash));
finally execute the following query:
INSERT INTO users (name, email, hashedpassword, salt, readonly, admin, map, language, distanceunit, speedunit, latitude, longitude, zoom) VALUES ('$name', '$email', '$hash', '$salt', 0, 0, 'osm', 'en', 'km', 'kmh', 0, 0, 0);
https://www.traccar.org/forums/topic/login-php-hash-and-salt/#post-5191