As per documentation, Confd support annotation ianach:crypt-hash and the method of hash is configurable via confid.conf in path /confdConfig/cryptHash.
However, I can’t find any configuration of the salt method. Actually I would like to know if the salt method follow the description defined in https://ciso-ksp.kpnnet.org/document/detail?id=KSP-RE-485&filters=&offset=0&query=KSP-RE-485
the length of the randomly-generated portion of the salt must be at least 128 bits. The salt must be generated using a known good random bit generator
As you mention, ConfD uses the ianach:crypt-hash type which is an IETF standard - from the iana-crypt-hash YANG module, as defined in RFC 7317:
--------------------
description
"The crypt-hash type is used to store passwords using
a hash function. The algorithms for applying the hash
function and encoding the result are implemented in
various UNIX systems as the function crypt(3).
...
reference
"IEEE Std 1003.1-2008 - crypt() function
--------------------
The specification of the algorithm used for the SHA-256 and SHA-512 cases can be found in https://www.akkadia.org/drepper/SHA-crypt.txt
ConfD uses an independent implementation of that specification.
<salt> cannot be configured, it is generated for each hash string randomly based on https://www.openssl.org/docs/man1.1.1/man3/RAND_bytes.html. As the link you provided points out, using the same salt for all passwords is dangerous because a precomputed table that simply accounts for the salt will render the salt useless. Salt re-use can also cause users with the same password to have the same hash, so that more than one user may be compromised by cracking a single hash.
You can for example use the Linux mkpasswd frontend to the password encryption function crypt(3) to check the password ConfD generated as the salt for example for SHA-512 is the 16 characters (128-bit) between initial “$6$” and “$”.
So if you added <cryptHash><algorithm>sha-512</algorithm></cryptHash> to your confd.conf file, started ConfD, and have added, for example, a user “admin” with password “admin” added to ConfD’s internal authentication: