[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Antw: Re: SHA-2 and other hashes
>>> "Norman Gray" <gray@nxg.name> schrieb am 03.06.2019 um 16:13 in Nachricht
<BFD15D85-2DCE-4E3A-8CF6-04190CD520C4@nxg.name>:
> Ulrich, hello.
>
> On 3 Jun 2019, at 13:50, Ulrich Windl wrote:
>
>> ie, pretty much what I expected ‑‑ but in glibc's crypt(3), the
>> $5$ and
>>> $6$ hashes are the result of an unspecified number of rounds of such
>>> hashing (the $1$/MD5 glibc hash does appear to be compatible with
>>> OpenLDAP {SMD5}, though). (Quite possibly everyone else in the world
>>> already knew this, but I didn't!)
>>
>>
>> Hi!
>>
>> First the number of rounds is NOT unspecified: It
>> s explicitly specified, it's optional, and (I think) it defaults to
>> one.
>
> Good point -- the number of rounds is indeed exposed.
>
> If I'm correctly reading crypt/sha256-crypt.c in
> <https://ftp.gnu.org/gnu/glibc/>, then the default number of rounds is
> 5000 and, as you say, the number of rounds can be indicated in a
> param=value clause in the passwd string (as gestured towards in
> <https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md>).
>
> But I may have been unclear: by 'unspecified' I meant 'not described in
> a formal specification' (as far as I can see), so that I would not be
> comfortable trying to reimplement the glibc password-hashing process
> based on documentation alone.
Correct; I read the manual, not the source, nad there the default number of
rounds was not mentioned.
>
> Best wishes,
>
> Norman
>
>
> --
> Norman Gray : https://nxg.me.uk