sha-512-digest-string

Pattern: 
'$0$.*' 
 '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}' 

The sha-512-digest-string type automatically computes a SHA-512 digest for a value adhering to this type. A value of this type matches one of the forms

  • $0$<clear text password>

  • $6$<salt>$<password hash>

  • $6$rounds=<number>$<salt>$<password hash>

The '$0$' prefix signals that this is plain text. When a plain text value is received by the server, a SHA-512 digest is calculated, and the string '$6$<salt>$' is prepended to the

result, where <salt> is a random 16 character salt used to generate the digest. This value is stored in the configuration data store. The algorithm can be tuned through the

/confdConfig/cryptHash/rounds parameter, which if set to a number other than the default will cause '$6$rounds=<number>$<salt>$' to be prepended instead of only '$6$<salt>$'.

If a value starting with '$6$' is received, the server knows that the value already represents a SHA-512 digest, and stores it as is in the data store.

If a default value is specified, it must have a '$6$' prefix. The digest algorithm used is the same as the SHA-512 crypt function used for encrypting passwords for various UNIX systems.

Reference:

  • IEEE Std 1003.1-2008 - crypt() function FIPS.180-3.2008: Secure Hash Standard