"Norman Gray" gray@nxg.name wrote on 03.06.2019 at 16:13 in message
BFD15D85-2DCE-4E3A-8CF6-04190CD520C4@nxg.name:
Ulrich, hello.
On 3 Jun 2019, at 13:50, Ulrich Windl wrote:
ie, pretty much what I expected -- but in glibc's crypt(3), the $5$ and $6$ hashes are the result of an unspecified number of rounds of such hashing (the $1$/MD5 glibc hash does appear to be compatible with OpenLDAP {SMD5}, though). (Quite possibly everyone else in the world already knew this, but I didn't!)
Hi!
First, the number of rounds is NOT unspecified: It's explicitly specified, it's optional, and (I think) it defaults to one.
Good point -- the number of rounds is indeed exposed.
If I'm correctly reading crypt/sha256-crypt.c in https://ftp.gnu.org/gnu/glibc/, then the default number of rounds is 5000 and, as you say, the number of rounds can be indicated in a param=value clause in the passwd string (as gestured towards in https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md).
But I may have been unclear: by 'unspecified' I meant 'not described in a formal specification' (as far as I can see), so that I would not be comfortable trying to reimplement the glibc password-hashing process based on documentation alone.
Correct; I read the manual, not the source, and there the default number of rounds was not mentioned.
Best wishes,
Norman
-- Norman Gray : https://nxg.me.uk
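
As an added illustration of the `rounds=` clause discussed in this thread (not code from either poster or from glibc), the following Python sketch parses a `$5$`/`$6$` crypt string and reports the round count that applies. The constants are the values defined in glibc's crypt/sha256-crypt.c and crypt/sha512-crypt.c; the function names and the sample strings are constructed for this example, and the sample hash fields are filler, not real digests.

```python
import re

# Limits as defined in glibc's sha256-crypt.c / sha512-crypt.c
ROUNDS_DEFAULT = 5000
ROUNDS_MIN = 1000
ROUNDS_MAX = 999_999_999
SALT_LEN_MAX = 16
SCHEMES = {"5": ("sha256-crypt", 43), "6": ("sha512-crypt", 86)}  # name, hash length

_CRYPT_RE = re.compile(
    r"^\$(?P<id>[56])\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[^$]*)\$(?P<hash>[./0-9A-Za-z]+)$"
)

def parse_sha_crypt(value):
    """Split a $5$/$6$ crypt string and work out the effective round count."""
    m = _CRYPT_RE.match(value)
    if m is None:
        raise ValueError("not a $5$/$6$ crypt string")
    name, hash_len = SCHEMES[m["id"]]
    if len(m["hash"]) != hash_len:
        raise ValueError("hash field has the wrong length for " + name)
    if m["rounds"] is None:
        # No rounds= clause: the implementation falls back to its default.
        requested, effective = None, ROUNDS_DEFAULT
    else:
        # An explicit value is clamped into [ROUNDS_MIN, ROUNDS_MAX].
        requested = int(m["rounds"])
        effective = max(ROUNDS_MIN, min(requested, ROUNDS_MAX))
    return {
        "scheme": name,
        "rounds_requested": requested,
        "rounds_effective": effective,
        "salt": m["salt"][:SALT_LEN_MAX],  # only the first 16 salt chars are used
    }

def below_policy(values, minimum):
    """Return the entries whose effective rounds fall under a site-chosen minimum."""
    return [v for v in values if parse_sha_crypt(v)["rounds_effective"] < minimum]

# Constructed samples: filler hash fields of the correct length, not real digests.
SAMPLES = [
    "$5$examplesalt$" + "A" * 43,               # no clause -> default rounds
    "$6$rounds=100$examplesalt$" + "B" * 86,    # below minimum -> clamped up
    "$6$rounds=656000$examplesalt$" + "C" * 86, # explicit value used as given
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_sha_crypt(s))
```
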