CRYPT_SHA256(7) Standards, Environments, and Macros CRYPT_SHA256(7)

NAME


crypt_sha256 - password hashing module using SHA-256 message hash
algorithm

SYNOPSIS


/usr/lib/security/$ISA/crypt_sha256.so


DESCRIPTION


The crypt_sha256 module is a one-way password hashing module for use with
crypt(3C) that uses the SHA-256 message hash algorithm. The algorithm
identifier for crypt.conf(5) and policy.conf(5) is 5.


This module is designed to make it difficult to crack passwords with
brute force attacks based on high speed SHA-256 implementations that use
code inlining, unrolled loops, and table lookup.


The maximum password length for crypt_sha256 is 255 characters.


The following options can be passed to the module by means of
crypt.conf(5):

rounds=<positive_number>

Specifies the number of rounds of SHA-256 to use in generation of the
salt; the default number of rounds is 5000. Negative values have no
effect and are ignored. The number of rounds cannot be below 1000.

The number of additional rounds is stored in the salt string returned
by crypt_gensalt(3C). For example:

$5,rounds=6000$nlxmTTpz$

When crypt_gensalt(3C) is being used to generate a new salt, if the
number of additional rounds configured in crypt.conf(5) is greater
than that in the old salt, the value from crypt.conf(5) is used
instead. This allows for migration to stronger (but more time-
consuming) salts on password change.
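
The following is an added example, not part of the original manual page or of the illumos source. It parses the salt-string layout shown above, applies the migration rule to decide the rounds for a new salt, and lists accounts whose stored rounds are below the configured value. The function names, the sample shadow-style lines, the handling of a string with no rounds field (treated as the default), and the raising of values below 1000 to the floor are assumptions.

```python
import re

DEFAULT_ROUNDS = 5000  # default stated on this page
MIN_ROUNDS = 1000      # floor stated on this page

# Layout taken from the page's example: $5,rounds=6000$nlxmTTpz$
# Assumption: a string with no ",rounds=N" part uses the default.
SALT_RE = re.compile(r"^\$5(?:,rounds=(\d+))?\$([^$]*)\$")

# Constructed shadow-style lines; the hash bodies are placeholders.
SAMPLE_SHADOW = [
    "alice:$5,rounds=6000$nlxmTTpz$PLACEHOLDERHASH:17000::::::",
    "bob:$5$Qw3rTy12$PLACEHOLDERHASH:17000::::::",
    "carol:$5,rounds=20000$zZ9yX8wV$PLACEHOLDERHASH:17000::::::",
    "daemon:NP:6445::::::",
]

def parse_salt(field):
    """Return (rounds, salt) for an algorithm-5 string, else None."""
    m = SALT_RE.match(field)
    if m is None:
        return None
    rounds = int(m.group(1)) if m.group(1) else DEFAULT_ROUNDS
    return rounds, m.group(2)

def rounds_for_new_salt(old_field, configured):
    """Apply the migration rule: the crypt.conf value wins only if greater."""
    if configured is None or configured < 0:  # negative values are ignored
        configured = DEFAULT_ROUNDS
    configured = max(configured, MIN_ROUNDS)  # assumption: low values are raised
    parsed = parse_salt(old_field)
    old_rounds = parsed[0] if parsed else 0
    return max(configured, old_rounds)

def audit(shadow_lines, configured):
    """List (user, rounds) whose stored rounds are below the configured value."""
    behind = []
    for line in shadow_lines:
        user, field = line.split(":")[:2]
        parsed = parse_salt(field)
        if parsed and parsed[0] < configured:
            behind.append((user, parsed[0]))
    return behind

if __name__ == "__main__":
    for user, rounds in audit(SAMPLE_SHADOW, 10000):
        print(f"{user}: {rounds} rounds, upgraded on next password change")
```
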


ATTRIBUTES


See attributes(7) for descriptions of the following attributes:


+--------------------+-----------------+
| ATTRIBUTE TYPE     | ATTRIBUTE VALUE |
+--------------------+-----------------+
| Interface Stability| Committed       |
+--------------------+-----------------+
| MT-Level           | Safe            |
+--------------------+-----------------+

SEE ALSO


passwd(1), crypt(3C), crypt_genhash_impl(3C), crypt_gensalt(3C),
crypt_gensalt_impl(3C), getpassphrase(3C), crypt.conf(5), passwd(5),
policy.conf(5), attributes(7)

illumos May 8, 2008 CRYPT_SHA256(7)