Home | History | Annotate | Download | only in pwhash
History log of /src/usr.bin/pwhash/pwhash.c
RevisionDateAuthorComments
 1.16  21-Oct-2019  jhigh adding argon2 support to libcrypt. argon2 user authentication now
available via MKARGON2=yes (3 variants supported; argon2id recommended)
before using, please read argon2 paper at
https://github.com/P-H-C/phc-winner-argon2
 1.15  16-Sep-2011  joerg branches: 1.15.42;
Use __dead
 1.14  05-Mar-2006  christos PR/31144: YOMURA Masanori: pwhash -S/-b never use optarg
 1.13  02-Jun-2005  lukem appease gcc -Wuninitialized
 1.12  12-Jan-2005  christos more cleanups, WARNS=3
 1.11  12-Jan-2005  christos Use pw_gensalt() instead of using the cipher functions directly. Simplifies
the code a lot.
 1.10  11-Jan-2005  christos - use the gensalt functions from libcrypt instead of rolling our own.
 1.9  17-Nov-2004  wiz Merge single-letter options; sync order in man page and usage.
 1.8  01-Nov-2004  dsl Add (unsigned char) cast to ctype functions
 1.7  12-Oct-2004  sjg Apply patch from PR 26779
and update man page (not quite per PR 26780).
 1.6  02-Jul-2004  sjg Add support for SHA1 hashed passwords.
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).

* The format of the encrypted password is:
* $<tag>$<iterations>$<salt>$<digest>
*
* where:
* <tag> is "sha1"
* <iterations> is an unsigned int identifying how many rounds
* have been applied to <digest>. The number
* should vary slightly for each password to make
* it harder to generate a dictionary of
* pre-computed hashes. See crypt_sha1_iterations.
* <salt> up to 64 bytes of random data, 8 bytes is
* currently considered more than enough.
* <digest> the hashed password.

hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
 1.5  14-Jul-2003  itojun use bounded string op
 1.4  23-Jun-2003  agc Add NetBSD RCS Ids.
 1.3  02-Oct-2002  jdolecek couple minor changes:
* move buffer[] to print_passwd(); it's used only there
* make trim(), usage(), print_passwd() static, and g/c no longer needed
prototypes for them
* replace __progname with getprogname()/setprogname()
* move the prototypes for pwd_getsalt()/to64() outside of print_passwd()

change reviewed by Niels
 1.2  02-Oct-2002  wiz Add NetBSD RCS Id. Sort options.
 1.1  01-Oct-2002  provos password hashing utility that allows des, md5 or bcrypt passwords to be
created in scripts; tool originally from downsj@openbsd.org;
approved by perry.
 1.15.42.1  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411

RSS XML Feed