CRYPT_SHA256(7) Standards, Environments, and Macros CRYPT_SHA256(7)
NAME
crypt_sha256 - password hashing module using SHA-256 message hash
algorithm
SYNOPSIS
/usr/lib/security/$ISA/crypt_sha256.soDESCRIPTION
The
crypt_sha256 module is a one-way password hashing module for use
with
crypt(3C) that uses the SHA-256 message hash algorithm. The
algorithm identifier for
crypt.conf(5) and
policy.conf(5) is
5.
This module is designed to make it difficult to crack passwords that
use brute force attacks based on high speed SHA-256 implementations
that use code inlining, unrolled loops, and table lookup.
The maximum password length for
crypt_sha256 is 255 characters.
The following options can be passed to the module by means of
crypt.conf(5):
rounds=<positive_number> Specifies the number of rounds of SHA-256 to use in generation of
the salt; the default number of rounds is 5000. Negative values
have no effect and are ignored. The minimum number of rounds
cannot be below 1000.
The number of additional rounds is stored in the salt string
returned by
crypt_gensalt(3C). For example:
$5,rounds=6000$nlxmTTpz$
When
crypt_gensalt(3C) is being used to generate a new salt, if
the number of additional rounds configured in
crypt.conf(5) is
greater than that in the old salt, the value from
crypt.conf(5) is used instead. This allows for migration to stronger (but more
time-consuming) salts on password change.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Committed |
+--------------------+-----------------+
|MT-Level | Safe |
+--------------------+-----------------+
SEE ALSO
passwd(1),
crypt(3C),
crypt_genhash_impl(3C),
crypt_gensalt(3C),
crypt_gensalt_impl(3C),
getpassphrase(3C),
crypt.conf(5),
passwd(5),
policy.conf(5),
attributes(7) May 8, 2008 CRYPT_SHA256(7)
