diff options
| author | Björn Esser <besser82@fedoraproject.org> | 2021-11-30 21:28:52 +0100 |
|---|---|---|
| committer | Björn Esser <besser82@fedoraproject.org> | 2021-11-30 21:28:52 +0100 |
| commit | c50b731f83bc4c3cf90804ffe188a157e2c83f62 (patch) | |
| tree | 9925df7d8f308e2ed239c3a4abac9c20af260fed /doc | |
| parent | 1a9364c492efec910e08906a8677ba9e2232d8e0 (diff) | |
| download | libxcrypt-c50b731f83bc4c3cf90804ffe188a157e2c83f62.tar.gz libxcrypt-c50b731f83bc4c3cf90804ffe188a157e2c83f62.tar.bz2 libxcrypt-c50b731f83bc4c3cf90804ffe188a157e2c83f62.zip | |
doc/crypt.5: Document the recommended amount of salt-bits for yescrypt.
Also document the same value as the recommended amount for gost-yescrypt
and scrypt.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/crypt.5 | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/crypt.5 b/doc/crypt.5 index 0b81c10..e3186bc 100644 --- a/doc/crypt.5 +++ b/doc/crypt.5 @@ -170,7 +170,7 @@ and does not show the division into prefix, options, salt, and hash. yescrypt is a scalable passphrase hashing scheme designed by Solar Designer, which is based on Colin Percival's scrypt. Recommended for new hashes. -.hash "$y$" "\e$y\e$[./A-Za-z0-9]+\e$[./A-Za-z0-9]{,86}\e$[./A-Za-z0-9]{43}" unlimited 8 256 256 "up to 512" "1 to 11 (logarithmic)" +.hash "$y$" "\e$y\e$[./A-Za-z0-9]+\e$[./A-Za-z0-9]{,86}\e$[./A-Za-z0-9]{43}" unlimited 8 256 256 "up to 512 (128+ recommended)" "1 to 11 (logarithmic)" .Ss gost-yescrypt gost-yescrypt uses the output from the yescrypt hashing method in place of a hmac message. Thus, the yescrypt crypto properties are superseded by the @@ -181,14 +181,14 @@ algorithms. The GOST R 34.11-2012 (Streebog) hash function has been published by the IETF as RFC 6986. Recommended for new hashes. -.hash "$gy$" "\e$gy\e$[./A-Za-z0-9]+\e$[./A-Za-z0-9]{,86}\e$[./A-Za-z0-9]{43}" unlimited 8 256 256 "up to 512" "1 to 11 (logarithmic)" +.hash "$gy$" "\e$gy\e$[./A-Za-z0-9]+\e$[./A-Za-z0-9]{,86}\e$[./A-Za-z0-9]{43}" unlimited 8 256 256 "up to 512 (128+ recommended)" "1 to 11 (logarithmic)" .Ss scrypt scrypt is a password-based key derivation function created by Colin Percival, originally for the Tarsnap online backup service. The algorithm was specifically designed to make it costly to perform large-scale custom hardware attacks by requiring large amounts of memory. In 2016, the scrypt algorithm was published by IETF as RFC 7914. -.hash "$7$" "\e$7\e$[./A-Za-z0-9]{11,97}\e$[./A-Za-z0-9]{43}" unlimited 8 256 256 "up to 512" "6 to 11 (logarithmic)" +.hash "$7$" "\e$7\e$[./A-Za-z0-9]{11,97}\e$[./A-Za-z0-9]{43}" unlimited 8 256 256 "up to 512 (128+ recommended)" "6 to 11 (logarithmic)" .Ss bcrypt A hash based on the Blowfish block cipher, modified to have an extra-expensive key schedule. |