2008-05-20 02:29:51 +05:30
|
|
|
<varlistentry condition="sha_crypt">
|
2007-11-27 03:41:23 +05:30
|
|
|
<term><option>SHA_CRYPT_MIN_ROUNDS</option> (number)</term>
|
|
|
|
|
<term><option>SHA_CRYPT_MAX_ROUNDS</option> (number)</term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
When <option>ENCRYPT_METHOD</option> is set to
|
|
|
|
|
<replaceable>SHA256</replaceable> or
|
|
|
|
|
<replaceable>SHA512</replaceable>, this defines the number of SHA
|
|
|
|
|
rounds used by the encryption algorithm by default (when the number
|
|
|
|
|
of rounds is not specified on the command line).
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
With a lot of rounds, it is more difficult to brute forcing the
|
|
|
|
|
password. But note also that more CPU resources will be needed to
|
|
|
|
|
authenticate users.
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
If not specified, the libc will choose the default number of rounds
|
|
|
|
|
(5000).
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
The values must be inside the 1000-999999999 range.
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
If only one of the <option>SHA_CRYPT_MIN_ROUNDS</option> or
|
|
|
|
|
<option>SHA_CRYPT_MAX_ROUNDS</option> values is set, then this value
|
|
|
|
|
will be used.
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
If <option>SHA_CRYPT_MIN_ROUNDS</option> >
|
|
|
|
|
<option>SHA_CRYPT_MAX_ROUNDS</option>, the highest value will be
|
|
|
|
|
used.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
