UNIX-style passwords are of the form $format$rounds$salt$hash. Common format parameters:

  • 1 — md5crypt (mostly older)
  • 2, 2a, 2b, 2x, 2y — bcrypt (generally web apps)
  • 6 — sha512crypt (most modern systems)

Both $rounds and $salt are optional (salts are never purely numeric, so it’s easy to tell these apart).

Bcrypt is designed to take approximately the same amount of time when hashed on a CPU vs. a GPU, which is one reason it’s considered more resistant to cracking.

Note

1 hex digit = 4 bits (2 hex digits per byte), which is why a 128-bit md5 hash is 32 characters long.