ftO3Vf5ujoFQgpz9vG7D+paKjOnppI7IRuuvQpq7s1U=
sha256:1000:L6DlotbUNtnUv7jZ5d/vLnnzaklLWeVt:mUOt7S58/Ray8HE68OhmJc9IDZkLJmoK
The glibc version of this function supports additional encryption algorithms.
If salt is a character string starting with the characters "$id$" followed by a string optionally terminated by "$", then the result has the form:
$id$salt$encrypted
id identifies the encryption method used instead of DES and this then determines how the rest of the password string is interpreted. The following values of id are supported:
ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)
Thus, $5$salt$encrypted and $6$salt$encrypted contain the password encrypted with, respectively, functions based on SHA-256 and SHA-512.
"salt" stands for the up to 16 characters following "$id$" in the salt. The "encrypted" part of the password string is the actual computed password. The size of this string is
fixed:
MD5 | 22 characters
SHA-256 | 43 characters
SHA-512 | 86 characters
The characters in "salt" and "encrypted" are drawn from the set [a-zA-Z0-9./]. In the MD5 and SHA implementations the entire key is significant (instead of only the first 8 bytes
in DES).
Since glibc 2.7, the SHA-256 and SHA-512 implementations support a user-supplied number of hashing rounds, defaulting to 5000. If the "$id$" characters in the salt are followed
by "rounds=xxx$", where xxx is an integer, then the result has the form
$id$rounds=yyy$salt$encrypted
where yyy is the number of hashing rounds actually used. The number of rounds actually used is 1000 if xxx is less than 1000, 999999999 if xxx is greater than 999999999, and is
equal to xxx otherwise.