[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SHA-2 and other hashes
Ulrich, hello.
On 3 Jun 2019, at 13:50, Ulrich Windl wrote:
ie, pretty much what I expected ‑‑ but in glibc's crypt(3), the
$5$ and
$6$ hashes are the result of an unspecified number of rounds of such
hashing (the $1$/MD5 glibc hash does appear to be compatible with
OpenLDAP {SMD5}, though). (Quite possibly everyone else in the world
already knew this, but I didn't!)
Hi!
First the number of rounds is NOT unspecified: It
s explicitly specified, it's optional, and (I think) it defaults to
one.
Good point -- the number of rounds is indeed exposed.
If I'm correctly reading crypt/sha256-crypt.c in
<https://ftp.gnu.org/gnu/glibc/>, then the default number of rounds is
5000 and, as you say, the number of rounds can be indicated in a
param=value clause in the passwd string (as gestured towards in
<https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md>).
But I may have been unclear: by 'unspecified' I meant 'not described in
a formal specification' (as far as I can see), so that I would not be
comfortable trying to reimplement the glibc password-hashing process
based on documentation alone.
Best wishes,
Norman
--
Norman Gray : https://nxg.me.uk