Linux (and BSD) Password Hashes

author: Nathan Acks
date: 2021-10-12

UNIX-style passwords are of the form $format$rounds$salt$hash. Common format parameters:

Both $rounds and $salt are optional (salts are never purely numeric, so it’s easy to tell these apart).

Bcrypt is designed to take approximately the same amount of time when hashed on a CPU vs. a GPU, which is one reason it’s considered more resistant to cracking.

NOTE: 1 hex digit = 4 bits (2 hex digits per byte), which is why a 128-bit md5 hash is 32 characters long.