Method Crypto.Password.verify()

Method verify

int verify(string(8bit) password, string(8bit) hash)

Description

Verify a password against a hash.

This function attempts to support most common password hashing schemes. The hash can be on any of the following formats.

LDAP-style (RFC2307) hashes:

`"{SHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"`	The `XXX` string is taken to be a MIME.encode_base64 SHA1 hash of the password. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/347.html.
`"{SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"`	The `XXX` string is taken to be a MIME.encode_base64 string in which the first 20 chars are an SHA1 hash and the remaining chars the salt. The input for the hash is the password concatenated with the salt. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/347.html.
`"{MD5}XXXXXXXXXXXXXXXXXXXXXXXX"`	The `XXX` string is taken to be a MIME.encode_base64 MD5 hash of the password. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/418.html.
`"{SMD5}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"`	The `XXX` string is taken to be a MIME.encode_base64 string in which the first 16 chars are an MD5 hash and the remaining chars the salt. The input for the hash is the password concatenated with the salt. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/418.html.
`"{CRYPT}XXXXXXXXXXXXX"`	The `XX` string is taken to be a crypt(3C)-style hash. This is the same thing as passing the `XXX` string without any preceding method name within `{...}`. I.e. it's interpreted according to the crypt-style hashes below.

Crypt-style hashes:

`"$6$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"`	The string is interpreted according to the "Unix crypt using SHA-256 and SHA-512" standard Version 0.4 2008-4-3, where `SSSSSSSSSSSSSSSS` is up to 16 characters of salt, and the string `XXX` the result of SHA512.crypt_hash() with `5000` rounds. Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt
`"$6$rounds=RR$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"`	This is the same algorithm as the one above, but with the number of rounds specified by `RR` in decimal. Note that the number of rounds is clamped to be within `1000` and `999999999` (inclusive). Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt
`"$5$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"`	The string is interpreted according to the "Unix crypt using SHA-256 and SHA-512" standard Version 0.4 2008-4-3, where `SSSSSSSSSSSSSSSS` is up to 16 characters of salt, and the string `XXX` the result of SHA256.crypt_hash() with `5000` rounds. Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt
`"$5$rounds=RR$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"`	This is the same algorithm as the one above, but with the number of rounds specified by `RR` in decimal. Note that the number of rounds is clamped to be within `1000` and `999999999` (inclusive). Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt
`"$1$SSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"`	The string is interpreted according to the GNU libc2 extension of `crypt(3C)` where `SSSSSSSS` is up to 8 chars of salt and the `XXX` string is an MD5-based hash created from the password and the salt. Source: GNU libc http://www.gnu.org/software/libtool/manual/libc/crypt.html.
`"XXXXXXXXXXXXX"`	The `XXX` string (which doesn't begin with `"{"`) is taken to be a password hashed using the classic unix `crypt(3C)` function. If the string contains only chars from the set `[a-zA-Z0-9./]` it uses DES and the first two characters as salt, but other alternatives might be possible depending on the `crypt(3C)` implementation in the operating system.
`""`	The empty password hash matches all passwords.

Returns

Returns 1 on success, and 0 (zero) otherwise.

Note

This function was added in Pike 7.8.755.

See also

hash(), crypt()