'\" te
.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
.TH crypt_sha512 5 "8 May 2008" "SunOS 5.11" "Standards, Environments, and Macros"
.SH NAME
crypt_sha512 \- password hashing module using SHA-512 message hash algorithm
.SH SYNOPSIS
.LP
.nf
\fB/usr/lib/security/$ISA/crypt_sha512.so\fR
.fi

.SH DESCRIPTION
.sp
.LP
The \fBcrypt_sha512\fR module is a one-way password hashing module for use with \fBcrypt\fR(3C) that uses the SHA-512 message hash algorithm. The algorithm identifier for \fBcrypt.conf\fR(4) and \fBpolicy.conf\fR(4) is \fB6\fR.
.sp
.LP
This module is designed to make it difficult to crack passwords that use brute force attacks based on high speed SHA-512 implementations that use code inlining, unrolled loops, and table lookup.
.sp
.LP
The maximum password length for \fBcrypt_sha512\fR is 255 characters.
.sp
.LP
The following options can be passed to the module by means of \fBcrypt.conf\fR(4):
.sp
.ne 2
.mk
.na
\fB\fBrounds=\fR\fI<positive_number>\fR\fR
.ad
.sp .6
.RS 4n
Specifies the number of rounds of SHA-512 to use in generation of the salt; the default number of rounds is 5000. Negative values have no effect and are ignored. The minimum number of rounds cannot be below 1000.
.sp
The number of additional rounds is stored in the salt string returned by \fBcrypt_gensalt\fR(3C). For example:
.sp
.in +2
.nf
$6,rounds=6000$nlxmTTpz$
.fi
.in -2

When \fBcrypt_gensalt\fR(3C) is being used to generate a new salt, if the number of additional rounds configured in \fBcrypt.conf\fR(4) is greater than that in the old salt, the value from \fBcrypt.conf\fR(4) is used instead. This allows for migration to stronger (but more time-consuming) salts on password change.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Interface StabilityCommitted
_
MT-LevelSafe
.TE

.SH SEE ALSO
.sp
.LP
\fBpasswd\fR(1), \fBcrypt\fR(3C), \fBcrypt_genhash_impl\fR(3C), \fBcrypt_gensalt\fR(3C), \fBcrypt_gensalt_impl\fR(3C), \fBgetpassphrase\fR(3C), \fBcrypt.conf\fR(4), \fBpasswd\fR(4), \fBpolicy.conf\fR(4), \fBattributes\fR(5)