Re: [PATCH v2 3/3] crypt.3: added description of previously undocumented 'rounds' parameter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Konstantin,

On 09/04/2017 08:53 PM, Konstantin Shemyak wrote:
> Files crypt/sha{256,512}-crypt.c in the glibc source define macros:
> 
> /* Default number of rounds if not explicitly specified.  */
> #define ROUNDS_DEFAULT 5000
> /* Minimum number of rounds.  */
> #define ROUNDS_MIN 1000
> /* Maximum number of rounds.  */
> #define ROUNDS_MAX 999999999
> 
> And the main encryption function __sha512_crypt_r() sets:
> 
> rounds = MAX (ROUNDS_MIN, MIN (srounds, ROUNDS_MAX));
> 
> One can check that for example
> 
> crypt("key", "$5$rounds=1$salt")
> 
> returns string
> 
> $5$rounds=1000$salt$PWLKU7MTJ0s5M/mjBPcqnMsorm3qKyoBctxmZ1mNwn2

Thanks for all of the detail. I've applied the patch.

> This parameter has been introduced in glibc 2.7.

This detail should also be in the text. I've added it.

Cheers,

Michael


> 
> Signed-off-by: Konstantin Shemyak <konstantin@xxxxxxxxxxx>
> ---
>  man3/crypt.3 | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/man3/crypt.3 b/man3/crypt.3
> index 58fd33f..bfdac22 100644
> --- a/man3/crypt.3
> +++ b/man3/crypt.3
> @@ -248,6 +248,21 @@ In the MD5 and SHA implementations the entire
>  .I key
>  is significant (instead of only the first
>  8 bytes in DES).
> +.PP
> +SHA-256 and SHA-512 implementations support user-supplied number of
> +hashing rounds, defaulting to 5000.
> +If the "$\fIid\fP$" characters in the salt are
> +followed by "rounds=\fIxxx\fP$" and \fIxxx\fP is an integer, then the
> +result has the form
> +.RS
> +.PP
> +$\fIid\fP$\fIrounds=yyy\fP$\fIsalt\fP$\fIencrypted\fP
> +.PP
> +.RE
> +where \fIyyy\fP is the actual number of hashing rounds used.
> +The number actually used is 1000 if the supplied number is less than
> +1000, 999999999 if the supplied number is greater than 999999999, and
> +equal to the supplied number otherwise.
>  .SH SEE ALSO
>  .BR login (1),
>  .BR passwd (1),
> 


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux