Each hash method has it's own way to encode parameters like cost and salt. For auditing and monitoring purposes it would be nice to have a generic tool which could decode them.
If I planned to transition to a more strict hashing policy, such a tool would be the base for a script which told me which users have to re-hash their password. Also I could monitor for salt reuse.
I know that there are plans to enforce hash policy with crypt.conf, but I think such a tool could be complementary as you won't be able to enforce a policy which excludes most of your users.
melak
commented
2 years ago
Each hash method has it's own way to encode parameters like cost and salt. For auditing and monitoring purposes it would be nice to have a generic tool which could decode them.
I think of something like this:
If I planned to transition to a more strict hashing policy, such a tool would be the base for a script which told me which users have to re-hash their password. Also I could monitor for salt reuse.
I know that there are plans to enforce hash policy with crypt.conf, but I think such a tool could be complementary as you won't be able to enforce a policy which excludes most of your users.