2 .\" Copyright (c) 2002, Sun Microsystems, Inc. All Rights Reserved.
3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 .TH CRYPT_SUNMD5 5 "Dec 23, 2003"
8 crypt_sunmd5 \- password hashing module using MD5 message hash algorithm
12 \fB/usr/lib/security/$ISA/crypt_sunmd5.so\fR
18 The \fBcrypt_sunmd5\fR module is a one-way password hashing module for use with
19 \fBcrypt\fR(3C) that uses the MD5 message hash algorithm. The algorithm
20 identifier for \fBcrypt.conf\fR(4) and \fBpolicy.conf\fR(4) is \fBmd5\fR.
23 This module is designed to make it difficult to crack passwords that use brute
24 force attacks based on high speed MD5 implementations that use code inlining,
25 unrolled loops, and table lookup.
28 The maximum password length for \fBcrypt_sunmd5\fR is 255 characters.
31 The following options can be passed to the module by means of
36 \fB\fBrounds=\fR\fI<positive_number>\fR\fR
39 Specifies the number of additional rounds of MD5 to use in generation of the
40 salt; the default number of rounds is 4096. Negative values have no effect and
41 are ignored, that is, the number of rounds cannot be lowered below 4096.
43 The number of additional rounds is stored in the salt string returned by
44 \fBcrypt_gensalt\fR(3C). For example:
48 $md5,rounds=1000$nlxmTTpz$
52 When \fBcrypt_gensalt\fR(3C) is being used to generate a new salt, if the
53 number of additional rounds configured in \fBcrypt.conf\fR(4) is greater than
54 that in the old salt, the value from \fBcrypt.conf\fR(4) is used instead. This
55 allows for migration to stronger (but more time-consuming) salts on password
62 See \fBattributes\fR(5) for descriptions of the following attributes:
70 ATTRIBUTE TYPE ATTRIBUTE VALUE
78 \fBpasswd\fR(1), \fBcrypt\fR(3C), \fBcrypt_genhash_impl\fR(3C),
79 \fBcrypt_gensalt\fR(3C), \fBcrypt_gensalt_impl\fR(3C), \fBgetpassphrase\fR(3C),
80 \fBcrypt.conf\fR(4), \fBpasswd\fR(4), \fBpolicy.conf\fR(4), \fBattributes\fR(5)