Mind Dump, Tech And Life Blog
written by Ivan Alenko
published under license Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)copy! share!
posted in category Copied Stuff / Tech
posted at 24. Jun '23

A List of Crypt Algorithms

I’m copying it here from Wikipedia - https://en.wikipedia.org/wiki/Crypt_(C), because it is almost impossible to find right away (not with lazy keywords like “md5 bcrypt yescrypt 2a shadow”). Man pages like https://man7.org/linux/man-pages/man3/crypt.3.html froze in time and the latest hash function is…SHA-512.

Scheme id Schema Example
  DES Kyq4bCxAXJkbg
_ BSDi _EQ0.jzhSVeUyoSqLupI
1 MD5 $1$etNnh7FA$OlM7eljE/B7F1J4XYNnk81
2, 2a, 2b, 2x, 2y bcrypt $2a$10$VIhIOofSMqgdGlL4wzE//e.77dAQGqntF/1dT7bqCrVtquInWy2qi
3 NTHASH $3$$8846f7eaee8fb117ad06bdd830b7586c
5 SHA-256 $5$9ks3nNEqv31FX.F$gdEoLFsCRsn/WRN3wxUnzfeZLoooVlzeF4WjLomTRFD
6 SHA-512 $6$qoE2letU$wWPRl.PVczjzeMVgjiA8LLy2nOyZbf7Amj3qLIL978o18gbMySdKZ7uepq9tmMQXxyTIrS12Pln.2Q/6Xscao0
7 scrypt $7$DU…./….2Q9obwLhin8qvQl6sisAO/$sHayJj/JBdcuD4lJ1AxiwCo9e5XSi8TcINcmyID12i8
8 (Cisco) PBKDF2 with SHA256 $8$mTj4RZG8N9ZDOk$elY/asfm8kD3iDmkBe3hD2r4xcA/0oWS5V3os.O91u.
8 (JunOS) PBKDF2 $8$crypt-algo$hash-algo$iterations$salt$iv$tag$encrypted $8$aes256-gcm$hmac-sha2-256$100$y/4YMC4YDLU$fzYDI4jjN6YCyQsYLsaf8A$Ilu4jLcZarD9YnyD /Hejww$okhBlc0cGakSqYxKww
gy gost-yescrypt $gy$jCT$HM87v.7RwpQLba8fDjNSk1$VgqS7k2OZWhFbAJVBye2vaA7ex/1VtU3a5fmL8Wv/26
md5 Solaris MD5 $md5,rounds=5000$GUBv0xjJ$$mSwgIswdjlTY0YxV7HBVm0
sha1 PBKDF1 with SHA-1 $sha1$40000$jtNX3nZ2$hBNaIXkt4wBI2o5rsi8KejSjNqIq
y yescrypt $y$j9T$F5Jx5fExrKuPp53xLKQ..1$X3DX6M94c7o.9agCG9G317fhZg9SqC.5i5rd.RhAtQ7

Blowfish (bcrypt) variants:

  • $2$ – Obsolete.
  • $2a$ – The current key used to identify this scheme. Since a major security flaw was discovered in 2011 in a non-OpenBSD crypt_blowfish implementation of the algorithm,[16] hashes indicated by this string are now ambiguous and might have been generated by the flawed implementation, or a subsequent fixed, implementation. The flaw may be triggered by some password strings containing non-ASCII (8th-bit-set) characters.
  • $2b$ – Used by recent OpenBSD implementations to include a mitigation to a wraparound problem.[17] Previous versions of the algorithm have a problem with long passwords. By design, long passwords are truncated at 72 characters, but there is a byte integer wraparound problem with certain password lengths resulting in weak hashes.[18]
  • $2x$ – A flag added after the crypt_blowfish bug discovery. Old hashes can be renamed to be $2x$ to indicate that they were generated with the broken algorithm. These hashes are still weak, but at least it’s clear which algorithm was used to generate them.
  • $2y$ – A flag in crypt_blowfish to unambiguously use the new, corrected algorithm. On an older implementation suffering from the bug, $2y$ simply won’t work. On a newer, fixed implementation, it will produce the same result as using $2b$

Argon2, yescrypt:

  • $y$ - yescrypt is an extension of scrypt ($7$) and a PHC finalist. It is used in several Linux distributions as an alternative to the existing schemes. To use this hash, the libcrypt from glibc is replaced with a backward-compatible one from the “libxcrypt” project.
  • $argon2d$, $argon2i$, $argon2ds$ - These are PHC-assigned names for the Argon2 algorithm, but do not seem to be widely used.

Source: https://en.wikipedia.org/wiki/Crypt_(C). Contains also other very useful stuff.

Add Comment