On 1/8/20 10:27 AM, Simone Piccardi wrote:
But in the current version it better to use the contrib module, or delegate the hashing to the C library? I'm currently using on new install:
password-hash {CRYPT} password-crypt-salt-format "$6$%.16s"
but I'm using only Linux, I don't know if this is applicable on other OS.
You can improve this a bit by setting more hashing rounds (default is 5000):
$6$rounds=90000$%.16s
It's worth to read the hints in crypt(5):
"[..] Supported on Linux but not common elsewhere. Acceptable for new hashes. The default CPU time cost parameter is 5000, which is too low for modern hardware."
So as long as you're only using Linux it's fine. But if you want to migrate to other Unix-like OS or Windows these hashes won't work anymore.
Ciao, Michael.