Pike v8.0 release 1738

Method Crypto.Password.hash()


Method hash

string(7bit) hash(string(8bit) password, string(7bit)|void scheme, int|void rounds)

Description

Generate a hash of password suitable for verify().

Parameter password

Password to hash.

Parameter scheme

Password hashing scheme. If not specified the strongest available will be used.

If an unsupported scheme is specified an error will be thrown.

Supported schemes are:

Crypt(3C)-style:

UNDEFINED

Use the strongest crypt(3C)-style hash that is supported.

"crypt"
"{crypt}"
"6"

SHA512.crypt_hash() with 96 bits of salt and a default of 5000 rounds.

"$6$"
"5"

SHA256.crypt_hash() with 96 bits of salt and a default of 5000 rounds.

"$5$"
"1"

MD5.crypt_hash() with 48 bits of salt and 1000 rounds.

"$1$"
""

crypt() with 12 bits of salt.

LDAP (RFC2307)-style. Don't use these if you can avoid it, since they are suspectible to attacks. In particular avoid the unsalted variants at all costs:

"ssha"

SHA1.hash() with 96 bits of salt appended to the password.

"{ssha}"
"smd5"

MD5.hash() with 96 bits of salt appended to the password.

"{smd5}"
"sha"

SHA1.hash() without any salt.

"{sha}"
"md5"

MD5.hash() without any salt.

"{md5}"
Parameter rounds

The number of rounds to use in parameterized schemes. If not specified the scheme specific default will be used.

Returns

Returns a string suitable for verify(). This means that the hashes will be prepended with the suitable markers.

Note

Note that the availability of SHA512 depends on the version of Nettle that Pike has been compiled with.

Note

This function was added in Pike 7.8.755.

See also

verify(), crypt(), Nettle.crypt_md5(), Nettle.Hash()->crypt_hash()