crypt()

Hash a password

Synopsis:

#include <unistd.h>

char * crypt( const char * key, 
              const char * salt );

Arguments:

key
A NUL-terminated string (normally a password typed by a user).
salt
One of the following strings:
  • A string of at least two characters that represents the salt, where the first character is not @ (at sign). If this format is used, crypt() returns the result of a call to r_crypt(), which uses the older DES implementation for hashing.
  • A string that uses the format @digest@X@salt or @digest,iterations@X@salt, which specifies the standard PBKDF2 implementation and where:
    • digest is either S (use SHA512 digest) or s (use SHA256 digest).
    • iterations is an optional value that follows the digest character and a comma that specifies an iterations value to use instead of the default value used in PBKDF2 (4096).
    • salt is the Base64-encoded salt value.
    For example:
    @S,8192@X@salt

Library:

liblogin

Use the -l login option to qcc to link against this library.

Note: We've deprecated the version of this function in libc. You should link against liblogin if your application authenticates users against the /etc/passwd and /etc/shadow files.

Description:

The crypt() function hashes a password. It's based on the Data Encryption Standard algorithm, and also includes code to deter key search attempts.

Note: This function checks only the first eight characters of key.

The algorithm obtains a 56-bit key by taking the lowest 7 bits of the first eight characters of key. The 56-bit key is used to repeatedly hash a constant string (usually all zeroes).

For license information, see Licensing information in Typographical Conventions, Support, and Licensing.

Returns:

A pointer to the 13-character hashed value, or NULL on failure. The first two characters of the hashed value are the salt itself.

Note: The return value points to static data that's overwritten by each call to crypt().

Classification:

POSIX 1003.1 XSI

Safety:  
Cancellation point No
Interrupt handler No
Signal handler No
Thread No