| author | Konstantin Shemyak <konstantin@shemyak.com> | 2017-09-04 21:53:53 +0300 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2017-09-05 19:49:35 +0200 |
| commit | 84bee58c24fb964a61f01dfd35417d43c6bb85cc (patch) | |
| tree | 25342722792424ba69c9277b4ba2150e31b3969f /man3/crypt.3 | |
| parent | d32b36982dc108a345babbd7490131729cb0c60c (diff) | |
| download | man-pages-84bee58c24fb964a61f01dfd35417d43c6bb85cc.tar.gz | |
crypt.3: Add description of previously undocumented 'rounds' parameter
Files crypt/sha{256,512}-crypt.c in the glibc source define
macros:

    /* Default number of rounds if not explicitly specified. */
    #define ROUNDS_DEFAULT 5000
    /* Minimum number of rounds. */
    #define ROUNDS_MIN 1000
    /* Maximum number of rounds. */
    #define ROUNDS_MAX 999999999

And the main encryption function __sha512_crypt_r() sets:

    rounds = MAX (ROUNDS_MIN, MIN (srounds, ROUNDS_MAX));

One can check that for example

    crypt("key", "$5$rounds=1$salt")

returns the string

    $5$rounds=1000$salt$PWLKU7MTJ0s5M/mjBPcqnMsorm3qKyoBctxmZ1mNwn2

This parameter has been introduced in glibc 2.7.
Signed-off-by: Konstantin Shemyak <konstantin@shemyak.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
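
The clamping described in the commit message, written out as an added example (not code from glibc or from this commit) that reports the rounds count a stored "$5$"/"$6$" string will actually cost and flags entries below a site policy. The names effective_rounds and below_policy are hypothetical; parsing the number with strtoul and falling back to the default when it is not followed by "$" are assumptions of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Limits quoted in the commit message (glibc crypt/sha{256,512}-crypt.c). */
#define ROUNDS_DEFAULT 5000UL
#define ROUNDS_MIN     1000UL
#define ROUNDS_MAX     999999999UL

/* Hypothetical helper: rounds crypt() would actually use for a "$5$"/"$6$"
 * setting or stored hash; 0 if the string is not SHA-256/SHA-512 crypt. */
unsigned long effective_rounds(const char *s)
{
    static const char prefix[] = "rounds=";
    char *end;
    unsigned long n;

    if (strncmp(s, "$5$", 3) != 0 && strncmp(s, "$6$", 3) != 0)
        return 0;
    s += 3;
    if (strncmp(s, prefix, sizeof prefix - 1) != 0)
        return ROUNDS_DEFAULT;              /* no rounds= field given */
    n = strtoul(s + sizeof prefix - 1, &end, 10);
    if (*end != '$')
        return ROUNDS_DEFAULT;              /* assumption: field is then read as salt */
    if (n < ROUNDS_MIN) return ROUNDS_MIN;  /* MAX (ROUNDS_MIN, ...) */
    if (n > ROUNDS_MAX) return ROUNDS_MAX;  /* MIN (..., ROUNDS_MAX) */
    return n;
}

/* Hypothetical policy check: 1 if the entry costs fewer rounds than policy_min. */
int below_policy(const char *s, unsigned long policy_min)
{
    unsigned long r = effective_rounds(s);
    return r != 0 && r < policy_min;
}

int main(void)
{
    /* Constructed sample settings; the first is the one from the commit message. */
    const char *samples[] = { "$5$rounds=1$salt", "$6$salt",
                              "$6$rounds=1000000000$salt",
                              "$5$rounds=20000$salt", "$1$salt" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-28s effective=%lu below_10000=%d\n", samples[i],
               effective_rounds(samples[i]), below_policy(samples[i], 10000UL));
    return 0;
}
```
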
Diffstat (limited to 'man3/crypt.3')
| -rw-r--r-- | man3/crypt.3 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/man3/crypt.3 b/man3/crypt.3 index 375ef9384f..c9aec5b431 100644 --- a/man3/crypt.3 +++ b/man3/crypt.3 @@ -249,6 +249,21 @@ In the MD5 and SHA implementations the entire .I key is significant (instead of only the first 8 bytes in DES). +.PP +SHA-256 and SHA-512 implementations support user-supplied number of +hashing rounds, defaulting to 5000. +If the "$\fIid\fP$" characters in the salt are +followed by "rounds=\fIxxx\fP$" and \fIxxx\fP is an integer, then the +result has the form +.RS +.PP +$\fIid\fP$\fIrounds=yyy\fP$\fIsalt\fP$\fIencrypted\fP +.PP +.RE +where \fIyyy\fP is the actual number of hashing rounds used. +The number actually used is 1000 if the supplied number is less than +1000, 999999999 if the supplied number is greater than 999999999, and +equal to the supplied number otherwise. .SH SEE ALSO .BR login (1), .BR passwd (1), |
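Review bot: The added paragraph never states which glibc version introduced the rounds field, although the commit message says it was glibc 2.7; adding "(since glibc 2.7)" after "support user-supplied number of hashing rounds" would put that in the page itself. In the result-form line, "\fIrounds=yyy\fP" italicizes the literal "rounds=" while the earlier line writes "rounds=\fIxxx\fP" with only the placeholder in italics, so "rounds=\fIyyy\fP" would be consistent. The ".PP" immediately before ".RE" opens an empty paragraph and can be dropped. The text also covers only the case where xxx is an integer and leaves the result for a non-integer value unspecified, which is worth one more sentence.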
