crypt_checkpass,
crypt_newhash —
password hashing
#include
<unistd.h>
int
crypt_checkpass(
const
char *password,
const char
*hash);
int
crypt_newhash(
const
char *password,
const char
*pref,
char
*hash,
size_t
hashsize);
The
crypt_checkpass() function simplifies
checking a user's password. If both the
hash
and the
password are the empty string,
authentication is a success. Otherwise, the
password is hashed and compared to the
provided
hash. If the
hash is
NULL, authentication will always fail, but
a default amount of work is performed to simulate the hashing operation. A
successful match will return 0. A failure will return -1 and set
errno(2).
The
crypt_newhash() function simplifies the
creation of new password hashes. The provided
password is randomly salted and hashed and
stored in
hash. The size of the available
space is specified by
hashsize, which should
be
_PASSWORD_LEN. The
pref argument identifies the preferred
hashing algorithm and parameters. Possible values are:
-
-
- “bcrypt,<rounds>”
- The bcrypt algorithm, where the value of rounds can be between 4 and 31
and specifies the base 2 logarithm of the number of rounds. If rounds is
omitted or the special value ‘a’, an appropriate number of
rounds is automatically selected based on system performance.
The
crypt_checkpass() and
crypt_newhash() functions return the
value 0 if successful; otherwise the value -1 is returned and
the global variable
errno is set to indicate
the error.
The
crypt_checkpass() function sets
errno to
EACCESS when authentication fails.
The
crypt_newhash() function sets
errno to
EINVAL if
pref is unsupported or insufficient space is
provided.
crypt(3),
login.conf(5),
passwd(5)
The function
crypt_checkpass() first appeared
in
OpenBSD 5.6, and
crypt_newhash() in
OpenBSD
5.7.
Ted Unangst
<
tedu@openbsd.org>
![[OpenBSD]](/openbsd.gif){kind=small}