The hashing methods implemented by are designed only to process user passphrases for storage and authentication; they are not suitable for use as general-purpose cryptographic hashes.

Passphrase hashing is not a replacement for strong passphrases. It is always possible for an attacker with access to the hashed passphrases to guess and check possible cleartext passphrases. However, with a strong hashing method, guessing will be too slow for the attacker to discover a strong passphrase.

All of the hashing methods use a salt to perturb the hash function, so that the same passphrase may produce many possible hashes. Newer methods accept longer salt strings. The salt should be chosen at random for each user. Salt defeats a number of attacks:

  - It is not possible to hash a passphrase once and then test it against each account's stored hash; the hash calculation must be repeated for each account.

  - It is not possible to tell whether two accounts use the same passphrase without successfully guessing one of the phrases.

  - Tables of precalculated hashes of commonly used passphrases must have an entry for each possible salt, which makes them impractically large.

All of the hashing methods are also deliberately engineered to be slow; they use many iterations of an underlying cryptographic primitive to increase the cost of each guess. The newer hashing methods allow the number of iterations to be adjusted, using the parameter to This makes it possible to keep the hash slow as hardware improves.

All of the hashing methods supported by produce a hashed passphrase which consists of four components: prefix, options, salt, and hash. The prefix controls which hashing method is to be used, and is the appropriate string to pass to to select that method. The contents of and are up to the method. Depending on the method, the and components may be empty.

The argument to must begin with the first three components of a valid hashed passphrase, but anything after that is ignored. This makes authentication simple: hash the input passphrase using the stored passphrase as the setting, and then compare the result to the stored passphrase.

Hashed passphrases are always entirely printable ASCII, and do not contain any whitespace or the characters or (These characters are used as delimiters and special markers in the and files.) The syntax of each component of a hashed passphrase is up to the hashing method. characters usually delimit components, and the salt and hash are usually encoded as numerals in base 64. The details of this base-64 encoding vary among hashing methods. The common encoding specified by RFC 4648 is usually used.

This is a list of the hashing methods supported by in decreasing order of strength. Many of the older methods are now considered too weak to use for new passphrases. The hashed passphrase format is expressed with extended regular expressions (see and does not show the division into prefix, options, salt, and hash.
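
The per-user salt, adjustable iteration count and verify-by-rehashing scheme described above, as an added example that is not code from this manual page or from the library it documents. It uses PBKDF2-HMAC-SHA256 from Python's hashlib as a stand-in for a real hashing method; the `$demo-pbkdf2$` prefix, the `rounds=` option and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "$demo-pbkdf2$"  # hypothetical prefix, chosen for this example only


def _b64(raw):
    # URL-safe RFC 4648 alphabet, padding stripped: printable, no whitespace.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def gensalt(rounds=100_000, salt=None):
    """Build a setting string: prefix, options and a random per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    return f"{PREFIX}rounds={rounds}${_b64(salt)}$"


def hash_passphrase(phrase, setting):
    """Hash phrase under the first three components of setting.

    Anything after the salt is ignored, so a complete stored hash can be
    passed as the setting when authenticating.
    """
    if not setting.startswith(PREFIX):
        raise ValueError("unsupported hashing method")
    fields = setting[len(PREFIX):].split("$")
    if len(fields) < 2 or not fields[0].startswith("rounds="):
        raise ValueError("malformed setting")
    rounds = int(fields[0][len("rounds="):])
    if rounds < 1 or not fields[1]:
        raise ValueError("malformed setting")
    salt_text = fields[1]
    digest = hashlib.pbkdf2_hmac(
        "sha256", phrase.encode("utf-8"), salt_text.encode("ascii"), rounds)
    return f"{PREFIX}rounds={rounds}${salt_text}${_b64(digest)}"


def verify(phrase, stored):
    """Re-hash with the stored hash as the setting, then compare."""
    try:
        candidate = hash_passphrase(phrase, stored)
    except ValueError:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate.encode(), stored.encode())
```

Raising `rounds` in `gensalt` affects only newly created hashes; existing ones still verify because their own iteration count is read back from the stored string.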