Hashing

https://security.stackexchange.com/questions/204813/what-are-sha-rounds

Make a Python script for hashing with SHA-512 and test it with different numbers of rounds

https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha512_crypt.html

On Linux, the default number of rounds is 5000. It is defined in /etc/login.defs

#!/usr/bin/env python3

from passlib.hash import sha512_crypt
# Note: the crypt module is deprecated since Python 3.11 and removed in 3.13
import crypt

# Generate a random salt with the $6$ (SHA-512) prefix
#salt = crypt.mksalt(method=crypt.METHOD_SHA512, rounds=5000) # works too
salt = crypt.mksalt(method=crypt.METHOD_SHA512) # Works
print(salt)
# Hash the password with that salt; the output is in /etc/shadow format
h = crypt.crypt(word="mypassword123", salt=salt)
print(h)

sudo cat /etc/shadow | grep test
test:$6$SwXiSnR01ePstPd0$uJCXS80BB/YSprBi/dCxnibkCObvPS4sKc.I9/wAA2A.Tn8so3vdJnNgReOlDZP1xncsCQewOU9pIQDm60.0B1:19696:1:180:7:::

The $6$ prefix means the password is hashed with sha512crypt

When we create a user, the hash in the shadow file changes, which means the salt is random
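The notes above (the $6$ prefix, the 5000-round default, the random salt) can be checked mechanically. The following is an added example, not part of the original notes: it parses shadow lines and flags low round counts and salts shared between users. The function names, the alice/bob/svc lines and the min_rounds threshold are assumptions made for illustration.

```python
import re

# SHA-crypt modular format: $id$[rounds=N$]salt$checksum ($5$ SHA-256, $6$ SHA-512)
SHA_CRYPT = re.compile(
    r"^\$(?P<id>[56])\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<checksum>[./0-9A-Za-z]+)$")
SCHEMES = {"5": "sha256crypt", "6": "sha512crypt"}
DEFAULT_ROUNDS = 5000  # applies when the hash carries no rounds= field

FAKE = "A" * 86  # constructed checksum, not a real hash
SAMPLE = [
    # Line quoted in these notes (no rounds= field, so the default applies)
    "test:$6$SwXiSnR01ePstPd0$uJCXS80BB/YSprBi/dCxnibkCObvPS4sKc.I9/wAA2A."
    "Tn8so3vdJnNgReOlDZP1xncsCQewOU9pIQDm60.0B1:19696:1:180:7:::",
    # Constructed lines: explicit rounds, a reused salt, a locked account
    "alice:$6$rounds=1000$ConstructedSalt1$" + FAKE + ":19696:0:99999:7:::",
    "bob:$6$rounds=656000$ConstructedSalt1$" + FAKE + ":19696:0:99999:7:::",
    "svc:!:19696:0:99999:7:::",
]

def parse_shadow_line(line):
    """Decode the password field of one /etc/shadow line."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields")
    entry = {"user": fields[0], "scheme": "other", "rounds": None, "salt": None}
    m = SHA_CRYPT.match(fields[1])
    if m:
        rounds = int(m["rounds"]) if m["rounds"] else DEFAULT_ROUNDS
        entry.update(scheme=SCHEMES[m["id"]], rounds=rounds, salt=m["salt"])
    elif fields[1][:1] in ("", "!", "*"):
        entry["scheme"] = "locked-or-empty"
    return entry

def audit(lines, min_rounds=DEFAULT_ROUNDS):
    """Flag non-SHA-crypt hashes, low round counts and salts shared by users."""
    findings, salt_owner = [], {}
    for e in map(parse_shadow_line, lines):
        if e["scheme"] == "other":
            findings.append((e["user"], "not a SHA-crypt hash"))
        if e["rounds"] is not None and e["rounds"] < min_rounds:
            findings.append((e["user"], f"rounds={e['rounds']} below {min_rounds}"))
        if e["salt"] in salt_owner:
            findings.append((e["user"], f"salt shared with {salt_owner[e['salt']]}"))
        elif e["salt"]:
            salt_owner[e["salt"]] = e["user"]
    return findings
```

Calling audit(SAMPLE) reports alice for the low round count and bob for sharing alice's salt; the test line from the notes passes both checks.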

https://crypto.stackexchange.com/questions/86226/salt-length-in-sha-512-version-of-unix-crypt-command

https://github.com/freebsd/freebsd-src/blob/master/lib/libpam/modules/pam_unix/pam_unix.c#L472

https://medium.com/@zaid960928/cryptography-explaining-sha-512-ad896365a0c1