set password-storage Command

The set password-storage command lets you select a hashing method for passwords stored in the directory.
This command has the following format:
set password-storage = ssha-512 | sha-512 | ssha-1 | sha-1 | pbkdf2 | crypt | scrypt | bcrypt | md5 | smd5 | none;
  •  ssha-512
    (Default) Hashes the password using the Salted SHA-512 algorithm.
  •  sha-512
    Hashes the password using the SHA-512 algorithm.
  •  ssha-1
    Hashes the password using the Salted SHA-1 algorithm. This algorithm produces a different hash even for the same clear text password, which is more secure.
  •  sha-1
    Hashes the password using the SHA-1 algorithm.
  •  pbkdf2
    Hashes the password using the PBKDF2 (Password-Based Key Derivation Function 2) method.
  •  crypt
    Hashes the password using the UNIX crypt method.
  •  scrypt
    Hashes the password using the scrypt algorithm.
  •  bcrypt
    Hashes the password using the bcrypt method.
  •  md5
    Hashes the password using the Message Digest algorithm.
  •  smd5
    Hashes the password using the Salted Message Digest algorithm.
  •  none
    Passwords are not hashed. This should only be used for testing.
Supporting Commands for the PBKDF2 Hashing Method
set pbkdf2-iterations Command
This command increases the computation time needed to derive a hash, which makes dictionary-based and brute-force attacks more difficult.
This command has the following format:
set pbkdf2-iterations = <num>;
Where <num> is a value greater than 0. This value specifies the number of iterations when deriving a hash.
Default: 64000
When you decide to use the PBKDF2 hashing method for improved security, keep in mind the computation cost. The larger the number of iterations, the higher the cost.
set salt-length Command
This command has the following format:
set salt-length = <num>;
Where <num> is a value from 8 through 65544 that is divisible by 8. This value (in bits) is the length of the salt (random data) included with the password.
Using this method makes it difficult to pregenerate a table of hashes for a given password value.
Default: 128
set pbkdf2-digest-length Command
This command has the following format:
set pbkdf2-digest-length = <num>;
Where <num> is a value from 8 through 65544 that is divisible by 8. This value (in bits) is the length of the hash generated.
Default: 128
These default values must be reviewed annually to take into account computational speed of machines increasing over time.
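The three PBKDF2 settings above, as an added Python example that is not CA Directory code: it derives and verifies a hash using the page's defaults and range rules. HMAC-SHA-512 as the PRF and the (iterations, salt, digest) record layout are assumptions; the page states neither.

```python
import hashlib
import hmac
import os

# Defaults taken from the page; the PRF (HMAC-SHA-512) is an assumption.
ITERATIONS = 64000
SALT_BITS = 128
DIGEST_BITS = 128
PRF = "sha512"


def check_bits(name, bits):
    """Enforce the page's range: 8 through 65544, divisible by 8."""
    if not (8 <= bits <= 65544) or bits % 8:
        raise ValueError(f"{name} must be 8..65544 and divisible by 8, got {bits}")
    return bits // 8


def hash_password(password, iterations=ITERATIONS, salt_bits=SALT_BITS,
                  digest_bits=DIGEST_BITS, salt=None):
    """Return (iterations, salt, digest) for one stored password."""
    if iterations <= 0:
        raise ValueError("iterations must be greater than 0")
    salt_len = check_bits("salt-length", salt_bits)
    dk_len = check_bits("pbkdf2-digest-length", digest_bits)
    if salt is None:
        salt = os.urandom(salt_len)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt,
                                 iterations, dklen=dk_len)
    return iterations, salt, digest


def verify_password(password, record):
    """Recompute with the stored parameters and compare in constant time."""
    iterations, salt, expected = record
    candidate = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    a = hash_password("correct horse")  # constructed sample password
    b = hash_password("correct horse")
    print("same password, different salts:", a[2].hex(), b[2].hex())
    print("verify ok:", verify_password("correct horse", a))
    print("verify wrong:", verify_password("wrong horse", a))
```

Because the iteration count is stored with each record, raising the default later does not invalidate hashes created under the old value.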
Supporting Commands for the bcrypt and scrypt Hashing Mechanisms
When using bcrypt, the following optional settings can be set:
set salt-length Command
This command has the following format:
set salt-length = <number>
This command sets the size in number of bits of the salt to be used. This value must be a multiple of 8 and not greater than 65535.
Default: 16
set pbkdf-iterations Command
This command has the following format:
set pbkdf-iterations = <number>
This command sets the number of iterations to be performed.
Default: 64000
When using scrypt, salt-length and pbkdf-iterations can also be set as mentioned earlier. However, use a lower pbkdf-iterations value, such as 32, because the scrypt hashing method is more CPU intensive. In addition to these two settings, scrypt also supports the variable digest length setting.
set pbkdf-digest-length Command
This command has the following format:
set pbkdf-digest-length = <number>
This command sets the size in number of bits of the digest (hash) to be derived.
Default: 16