# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
# Overrides the MD5_CRYPT_ENAB option
#
# Note: If you use PAM, it is recommended to use a value consistent with
# However, more CPU resources will be needed to authenticate users if
# this value is increased.
#
-# If not specified, the libc will choose the default number of rounds (5000).
+# If not specified, the libc will choose the default number of rounds (5000),
+# which is orders of magnitude too low for modern hardware.
# The values must be within the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
<replaceable>MD5</replaceable><phrase condition="sha_crypt">,
<replaceable>SHA256</replaceable>,
<replaceable>SHA512</replaceable></phrase>.
+ MD5 and DES should not be used for new hashes, see
+ <refentrytitle>crypt</refentrytitle><manvolnum>5</manvolnum>
+ for recommendations.
</para>
<para>
Note: this parameter overrides the <option>MD5_CRYPT_ENAB</option>
</para>
<para>
If not specified, the libc will choose the default number of rounds
- (5000).
+ (5000), which is orders of magnitude too low for modern hardware.
</para>
<para>
The values must be inside the 1000-999,999,999 range.
projects / thirdparty / shadow.git / commitdiff
