Using PHP's crypt function as follows, I can do a sha256 hash with salt and multiple rounds.
php -r "echo crypt('foo','\$5\$rounds=5000\$saltsaltsaltsalt');"
produces:
$5$rounds=5000$saltsaltsaltsalt$5RbfsOruKYb8v7hGn29A.I91maopNeJ2nIFH.SIEnSC
How can I perform this exact process (and/or validate a hash) using the OpenSSL command line program?
Best Answer
This password hashing algorithm is rather complex — see the complete description: http://www.akkadia.org/drepper/SHA-crypt.txt.
Unfortunately, the
openssl passwdcommand does not currently support it — there is support only for the old DES-based crypt(), MD5-based crypt() and the Apacheapr1variant of MD5 salted hashes. There is a Debian bug report requesting SHA-256/512 password hash support, but currently nothing has been done.