File: hashes.conf

package info (click to toggle)
libxcrypt 1%3A4.5.1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 2,844 kB
  • sloc: ansic: 20,977; perl: 1,406; makefile: 720; python: 612; sh: 242
file content (59 lines) | stat: -rw-r--r-- 3,333 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
# This file is read by expand-selected-hashes and gen-crypt-hashes-h.
# It lists, for each supported hash algorithm, the name to be used to
# enable or disable it at configure time, which is also part of the
# name used for the 'crypt_fn' and 'gensalt_fn' entry points to the
# relevant algorithm module; the prefix used to identify the algorithm
# in hash strings; the number of bytes of random data that
# crypt_gensalt should draw from the OS when its caller doesn't supply
# any; and a comma-separated list of flags.
#
# The current set of possible flags is: STRONG means the hash is still
# considered strong enough to use for newly hashed passwords; this is
# the set of hashes that will be enabled when the library is
# configured with --enable-hashes=strong.  DEFAULT means that this
# hash may be used as the default for newly hashed passwords;
# when crypt_gensalt is called with a null pointer for its prefix
# argument, it will use the first hash in this file that was enabled
# and has a DEFAULT flag.  Hashes that are not STRONG should never be
# marked DEFAULT.  If you change the set of DEFAULT hashes you must also
# update test-gensalt.c to match.
#
# ALT, FREEBSD, GLIBC, NETBSD, OPENBSD, OSX, OWL, SOLARIS, and SUSE
# mean that the hash was historically supported by crypt() as provided
# by that operating system / C library.  These are also recognized by
# --enable-hashes as sets of hashes that can be enabled.
#
# Fields are separated by whitespace. Lines beginning with # are
# ignored; # is not otherwise significant.  Multiple flags are
# separated by commas.  A field whose contents are a single colon (:)
# is actually understood as an empty string; colon is used for this
# purpose because it cannot be part of a hash prefix or a C identifier.
#
# Because the first DEFAULT entry that's enabled is used for new
# hashes when crypt_gensalt() is called with a null prefix, the list
# should be kept in decreasing order of cryptographic strength overall
# (this only *matters* for DEFAULT entries, but it's easier to keep
# the whole list sorted that way).  Because of how crypt() checks
# prefixes, the hashes that use an empty prefix (bigcrypt and
# descrypt) must be last (conveniently, these are also the weakest
# supported hashes).
#
#name          h_prefix  nrbytes  flags
yescrypt       $y$       16       STRONG,DEFAULT,ALT,DEBIAN,FEDORA
gost_yescrypt  $gy$      16       STRONG,ALT
sm3_yescrypt   $sm3y$    16       STRONG,EULER,KYLIN
scrypt         $7$       16       STRONG
bcrypt         $2b$      16       STRONG,DEFAULT,ALT,FREEBSD,NETBSD,OPENBSD,OWL,SOLARIS,SUSE
bcrypt_y       $2y$      16       STRONG,ALT,OWL,SUSE
bcrypt_a       $2a$      16       STRONG,ALT,FREEBSD,NETBSD,OPENBSD,OWL,SOLARIS,SUSE
bcrypt_x       $2x$      16       ALT,OWL,SUSE
sm3crypt       $sm3$     16       EULER,KYLIN
sha512crypt    $6$       15       STRONG,DEFAULT,GLIBC,FREEBSD,SOLARIS
sha256crypt    $5$       15       GLIBC,FREEBSD,SOLARIS
sha1crypt      $sha1     20       NETBSD
sunmd5         $md5      8        SOLARIS
md5crypt       $1$       9        GLIBC,FREEBSD,NETBSD,OPENBSD,SOLARIS
nt             $3$       1        FREEBSD
bsdicrypt      _         3        FREEBSD,NETBSD,OPENBSD,OSX
bigcrypt       :         2        :
descrypt       :         2        GLIBC,FREEBSD,NETBSD,OPENBSD,SOLARIS,OSX