crypt_checkpass,
crypt_newhash —
password hashing
#include
<unistd.h>
int
crypt_checkpass(
const
char *password,
const char
*hash);
int
crypt_newhash(
const
char *password,
const char
*pref,
char
*hash,
size_t
hashsize);
The
crypt_checkpass() function is provided to
simplify checking a user's password. If both the
hash and the
password are the empty string, authentication
is a success. Otherwise, the
password is
hashed and compared to the provided
hash. If
the
hash is
NULL, authentication will always fail, but
a default amount of work is performed to simulate the hashing operation. A
successful match will return 0. A failure will return -1 and set
errno(2).
The
crypt_newhash() function is provided to
simplify the creation of new password hashes. The provided
password is randomly salted and hashed and
stored in
hash. The
pref argument identifies the preferred
hashing algorithm and parameters. Possible values are:
-
-
- “bcrypt,<rounds>”
- The bcrypt algorithm, where the value of rounds can be between 4 and 31
and specifies the base 2 logarithm of the number of rounds. The special
rounds value ‘a’ automatically selects rounds based on
system performance.
The
crypt_checkpass() and
crypt_newhash() functions return the
value 0 if successful; otherwise the value -1 is returned and
the global variable
errno is set to indicate
the error.
The
crypt_checkpass() function sets
errno to
EACCESS when authentication fails.
The
crypt_newhash() function sets
errno to
EINVAL if
pref is unsupported.
crypt(3),
login.conf(5),
passwd(5)
The function
crypt_checkpass() first appeared
in
OpenBSD 5.6, and
crypt_newhash() in
OpenBSD
5.7.
Ted Unangst
<
tedu@openbsd.org>
![[OpenBSD]](/openbsd.gif){kind=small}