The crypt_sha512 module is a one-way password hashing module for use with crypt(3C) that uses the SHA-512 message hash algorithm. The algorithm identifier for crypt.conf(4) and policy.conf(4) is 6.
This module is designed to make it difficult to crack passwords that use brute force attacks based on high speed SHA-512 implementations that use code inlining, unrolled loops, and table lookup.
The maximum password length for crypt_sha512 is 255 characters.
The following options can be passed to the module by means of crypt.conf(4):
The number of additional rounds is stored in the salt string returned by crypt_gensalt(3C). For example:
When crypt_gensalt(3C) is being used to generate a new salt, if the number of additional rounds configured in crypt.conf(4) is greater than that in the old salt, the value from crypt.conf(4) is used instead. This allows for migration to stronger (but more time-consuming) salts on password change.
See attributes(5) for descriptions of the following attributes:
passwd(1), crypt(3C), crypt_genhash_impl(3C), crypt_gensalt(3C), crypt_gensalt_impl(3C), getpassphrase(3C), crypt.conf(4), passwd(4), policy.conf(4), attributes(5)