On Jan 27, 2016, at 5:15 PM, Will W. <will@damagesinc.net> wrote:
e0NSWVBUfSQ2JGNiZWE2ZDc5MzJkZmE3NmIkWWdPUlpINlh0RFhtRkVEcmNCblg zQW82SkR4QUN5LkJSTVROWjhEa0YwaWRnM2NNMkQzZ1BFSFJmQTA1ZjhkUXgxNG8vNEZpNTc1eFhK LjJ5RGtEQS8=
Which decodes to: {CRYPT}$6$cbea6d7932dfa76b$YgORZH6XtDXmFEDrcBnX3Ao6JDxACy.BRMTNZ8DkF0idg3cM2D3gPEHRfA05f8dQx14o/4Fi575xXJ.2yDkDA/ Crypt hashes are validated by calling your system's crypt() function. I believe the Linux variant of crypt() will support SHA-512 The glibc2 version of this function supports additional encryption algorithms. If salt is a character string starting with the characters "$id$" followed by a string terminated by "$": $id$salt$encrypted then instead of using the DES machine, id identifies the encryption method used and this then determines how the rest of the password string is interpreted. The following values of id are supported: ID | Method ───────────────────────────────────────────────────────── 1 | MD5 2a | Blowfish (not in mainline glibc; added in some | Linux distributions) 5 | SHA-256 (since glibc 2.7) 6 | SHA-512 (since glibc 2.7) So $5$salt$encrypted is an SHA-256 encoded password and $6$salt$encrypted is an SHA-512 encoded one. "salt" stands for the up to 16 characters following "$id$" in the salt. The encrypted part of the password string is the actual computed password. The size of this string is fixed: If you're using that, you can ignore my comment about needing a salt, because the crypt string will already have one. You should be aware that the crypt() function is not threadsafe, and as such is protected by a mutex. If you're only processing a few hundred authentications a second, that's fine, but it will cause issues when you get to thousands or tens of thousands. -Arran