crypt,
bcrypt_gensalt,
bcrypt —
password hashing
#include
<stdlib.h>
#include
<unistd.h>
char *
crypt(
const
char *key,
const
char *setting);
#include <pwd.h>
char *
bcrypt_gensalt(
u_int8_t
log_rounds);
char *
bcrypt(
const
char *key,
const
char *salt);
These functions are deprecated in favor of
crypt_checkpass(3) and
crypt_newhash(3).
The
crypt() function performs password hashing.
Additional code has been added to deter key search attempts and to use
stronger hashing algorithms.
The first argument to
crypt() is a NUL-terminated
string
key, typically a user's typed
password. The second,
setting, currently
supports a single form. If it begins with a string character
(‘
$
’) and a number then a different
algorithm is used depending on the number. At the moment
‘
$2
’ chooses Blowfish hashing; see below
for more information.
The Blowfish version of crypt has 128 bits of
salt in order to make building dictionaries
of common passwords space consuming. The initial state of the Blowfish cipher
is expanded using the
salt and the
password repeating the process a variable
number of rounds, which is encoded in the password string. The maximum
password length is 72. The final Blowfish password entry is created by
encrypting the string
“OrpheanBeholderScryDoubt”
with the Blowfish state 64 times.
The version number, the logarithm of the number of rounds and the concatenation
of salt and hashed password are separated by the
‘
$
’ character. An encoded
‘8’ would specify 256 rounds. A valid Blowfish password looks
like this:
“$2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq”.
The whole Blowfish password string is passed as
setting for interpretation.
The function
crypt() returns a pointer to the
encrypted value on success, and
NULL
on
failure.
encrypt(1),
login(1),
passwd(1),
blowfish(3),
crypt_checkpass(3),
getpass(3),
passwd(5)
A rotor-based
crypt() function appeared in
Version 3 AT&T UNIX. A DES-based
crypt() first appeared in
Version 7 AT&T UNIX.
bcrypt() first appeared in
OpenBSD 2.1.
The
crypt() function returns a pointer to static
data, and subsequent calls to
crypt() will modify
the same object.