Go to main content

man pages section 7: Standards, Environments, Macros, Character Sets, and Miscellany

Exit Print View

Updated: Wednesday, February 9, 2022



crypt_sunmd5 - password hashing module using MD5 message hash algorithm




The crypt_sunmd5 module is a one-way password hashing module for use with crypt(3C) that uses the MD5 message hash algorithm. The algorithm identifier for crypt.conf(5) and policy.conf(5) is md5.

This module is designed to make it difficult to crack passwords that use brute force attacks based on high speed MD5 implementations that use code inlining, unrolled loops, and table lookup.

The maximum password length for crypt_sunmd5 is 255 characters.

The following options can be passed to the module by means of crypt.conf(5):


Specifies the number of additional rounds of MD5 to use in generation of the salt; the default number of rounds is 4096. Negative values have no effect and are ignored, that is, the number of rounds cannot be lowered below 4096.

The number of additional rounds is stored in the salt string returned by crypt_gensalt(3C). For example:


When crypt_gensalt(3C) is being used to generate a new salt, if the number of additional rounds configured in crypt.conf(5) is greater than that in the old salt, the value from crypt.conf(5) is used instead. This allows for migration to stronger (but more time-consuming) salts on password change.


The MD5 algorithm is currently considered weak for cryptographic use. This algorithm should be used only for compatibility with legacy systems and password entries. It is no longer included in the default CRYPT_ALGORITHMS_ALLOW list of algorithms to use to hash new passwords in policy.conf.


See attributes(7) for descriptions of the following attributes:

Interface Stability

See Also

passwd(1), crypt_gensalt(3C), getpassphrase(3C), crypt(3C), crypt_genhash_impl(3C), crypt_gensalt_impl(3C), crypt.conf(5), passwd(5), policy.conf(5), attributes(7)


The crypt_sunmd5 module was added to Solaris in Solaris 9 12/02 (Update 2). It was removed from the CRYPT_ALGORITHMS_ALLOW list of algorithms to use to hash new passwords in the default policy.conf in Oracle Solaris 11.4.0.