Method Crypto.Password.verify()
- Method verify
int verify(string(8bit) password, string(8bit) hash)
- Description
Verify a password against a hash.
This function attempts to support most common password hashing schemes. The hash can be in any of the following formats.

LDAP-style (RFC2307) hashes:
"{SHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
The XXX string is taken to be a MIME.encode_base64 SHA1 hash of the password. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/347.html.

"{SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
The XXX string is taken to be a MIME.encode_base64 string in which the first 20 chars are an SHA1 hash and the remaining chars the salt. The input for the hash is the password concatenated with the salt. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/347.html.

"{MD5}XXXXXXXXXXXXXXXXXXXXXXXX"
The XXX string is taken to be a MIME.encode_base64 MD5 hash of the password. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/418.html.

"{SMD5}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
The XXX string is taken to be a MIME.encode_base64 string in which the first 16 chars are an MD5 hash and the remaining chars the salt. The input for the hash is the password concatenated with the salt. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/418.html.

"{CRYPT}XXXXXXXXXXXXX"
The XXX string is taken to be a crypt(3C)-style hash. This is the same thing as passing the XXX string without any preceding method name within {...}. I.e. it's interpreted according to the crypt-style hashes below.

Crypt-style hashes:
"$6$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"
The string is interpreted according to the "Unix crypt using SHA-256 and SHA-512" standard Version 0.4 2008-4-3, where SSSSSSSSSSSSSSSS is up to 16 characters of salt, and the string XXX is the result of SHA512.crypt_hash() with 5000 rounds. Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt

"$6$rounds=RR$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"
This is the same algorithm as the one above, but with the number of rounds specified by RR in decimal. Note that the number of rounds is clamped to be within 1000 and 999999999 (inclusive). Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt

"$5$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"
The string is interpreted according to the "Unix crypt using SHA-256 and SHA-512" standard Version 0.4 2008-4-3, where SSSSSSSSSSSSSSSS is up to 16 characters of salt, and the string XXX is the result of SHA256.crypt_hash() with 5000 rounds. Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt

"$5$rounds=RR$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"
This is the same algorithm as the one above, but with the number of rounds specified by RR in decimal. Note that the number of rounds is clamped to be within 1000 and 999999999 (inclusive). Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt

"$1$SSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"
The string is interpreted according to the GNU libc2 extension of crypt(3C) where SSSSSSSS is up to 8 chars of salt and the XXX string is an MD5-based hash created from the password and the salt. Source: GNU libc http://www.gnu.org/software/libtool/manual/libc/crypt.html.

"XXXXXXXXXXXXX"
The XXX string (which doesn't begin with "{") is taken to be a password hashed using the classic unix crypt(3C) function. If the string contains only chars from the set [a-zA-Z0-9./] it uses DES and the first two characters as salt, but other alternatives might be possible depending on the crypt(3C) implementation in the operating system.

""
The empty password hash matches all passwords.
- Returns
Returns 1 on success, and 0 (zero) otherwise.
- Note
This function was added in Pike 7.8.755.
- See also
hash(), crypt()
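
The LDAP-style layouts described above, as an added Python example (not Pike's implementation and not code from the Pike project). The names verify_ldap and make_ssha are hypothetical; unlike verify(), this check treats an empty hash as a failure, requires a salt on the salted schemes, and compares digests in constant time.

```python
import base64
import hashlib
import hmac

# prefix -> (hashlib name, digest size in bytes, salted?), per the list above.
_LDAP_SCHEMES = {
    "{SHA}": ("sha1", 20, False),
    "{SSHA}": ("sha1", 20, True),
    "{MD5}": ("md5", 16, False),
    "{SMD5}": ("md5", 16, True),
}


def verify_ldap(password: bytes, stored: str) -> bool:
    """Check password against an LDAP-style hash; fail closed on anything else."""
    if stored == "":
        # Assumption of this example: an empty stored hash is a data error,
        # so it never matches (the documented function matches everything).
        return False
    for prefix, (algo, size, salted) in _LDAP_SCHEMES.items():
        if stored.startswith(prefix):
            break
    else:
        return False  # crypt-style and unknown schemes are out of scope here
    try:
        raw = base64.b64decode(stored[len(prefix):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    # The first `size` bytes are the digest, the remainder is the salt.
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or bool(salt) != salted:
        return False  # truncated digest, missing salt, or unexpected trailer
    # Hash input is the password concatenated with the salt.
    expected = hashlib.new(algo, password + salt).digest()
    return hmac.compare_digest(digest, expected)


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build a constructed {SSHA} value for demonstration and testing."""
    blob = hashlib.sha1(password + salt).digest() + salt
    return "{SSHA}" + base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    sample = make_ssha(b"hunter2", b"\x01\x02\x03\x04")  # constructed sample
    print(sample, verify_ldap(b"hunter2", sample), verify_ldap(b"x", ""))
```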