shadow/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml

36 lines
1.2 KiB
XML
Raw Normal View History

<varlistentry>
<term><option>SHA_CRYPT_MIN_ROUNDS</option> (number)</term>
<term><option>SHA_CRYPT_MAX_ROUNDS</option> (number)</term>
<listitem>
<para>
When <option>ENCRYPT_METHOD</option> is set to
<replaceable>SHA256</replaceable> or
<replaceable>SHA512</replaceable>, this defines the number of SHA
rounds used by the encryption algorithm by default (when the number
of rounds is not specified on the command line).
</para>
<para>
With a lot of rounds, it is more difficult to brute forcing the
password. But note also that more CPU resources will be needed to
authenticate users.
</para>
<para>
If not specified, the libc will choose the default number of rounds
(5000).
</para>
<para>
The values must be inside the 1000-999999999 range.
</para>
<para>
If only one of the <option>SHA_CRYPT_MIN_ROUNDS</option> or
<option>SHA_CRYPT_MAX_ROUNDS</option> values is set, then this value
will be used.
</para>
<para>
If <option>SHA_CRYPT_MIN_ROUNDS</option> &gt;
<option>SHA_CRYPT_MAX_ROUNDS</option>, the highest value will be
used.
</para>
</listitem>
</varlistentry>