Generate SHA-512 password hash

generate_passwordhash.py

#!/usr/bin/env python3
import argparse
import crypt
import getpass
import random
import string
import sys

def parse_args():
    parser = argparse.ArgumentParser(description='Generate SHA-512 crypt() password hash with configurable number of rounds')
    parser.add_argument('--rounds', type=int, help='Number of rounds', default=10000)
    return parser.parse_args()

def create_salt(length):
    rng = random.SystemRandom()
    alphabet = string.ascii_letters + string.digits
    return ''.join(random.choice(alphabet) for _ in range(0, length))

def hash_password(rounds, password):
    salt = create_salt(16)
    password_base = '$6$rounds={rounds}${salt}$'.format(rounds=rounds, salt=salt)
    return crypt.crypt(password, password_base)

def main():
    args = parse_args()

    password = getpass.getpass()
    verify_password = getpass.getpass(prompt='Verify password')
    if password != verify_password:
        print('Passwords do not patch.', file=sys.stderr)
        sys.exit(1)
    pwhash = hash_password(rounds=args.rounds, password=password)
    print(pwhash)

if __name__ == '__main__':
    main()