Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
PW_GENSALT(3) Library Functions Manual PW_GENSALT(3) NAME pw_gensalt - passwd salt generation function LIBRARY Crypt Library (libcrypt, -lcrypt) SYNOPSIS #include <pwd.h> int pw_gensalt(char *salt, size_t saltlen, const char *type, const char *option); DESCRIPTION The pw_gensalt() function generates a "salt" to be added to a password hashing function to guarantee uniqueness and slow down dictionary and brute force attacks. The function places a random array of saltlen bytes in salt using the hash function specified in type with the function- specific option. The new salt types follow the "Modular Crypt Format" (MCF) standard and are of the form: $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]] The characters allowed in the password salt are alphanumeric and include a forward slash and a period (are in the regular expression format [A-Za-z0-9/.]). The following types are available: old The original Unix implementation. This is of the form _Gl/.????, where ? denotes a random alphanumeric character. The minimum salt size is 3. new The Seventh Edition Unix 12 bit salt. This has the same form as the `old'. The minimum salt size is 10. The number of rounds can be specified in option and is enforced to be between 7250 and 16777215. newsalt An alias for `new'. md5 A salt generated using the md5(1) algorithm. This is of the form $1$????????$. The minimum salt size is 13. sha1 A salt generated using the sha1(1) algorithm. This is of the form $sha1$nrounds$????????$, where nrounds is the number of rounds to be used. The number of rounds can be specified in option, and defaults to random if NULL. The minimum salt size is 8 and the maximum is 64. blowfish A salt generated using the `blowfish' algorithm. The minimum salt size is 30 and the number of rounds needs to be specified in option. This is of the form: $2a$nrounds$??????????????????????. The 2 in the salt string indicates the current blowfish version. argon2d This is of the form: $argon2d$v=19$m=MEMORY,t=TIME,p=THREADS$????????????????$ argon2i This is of the form: $argon2i$v=19$m=MEMORY,t=TIME,p=THREADS$????????????????$ argon2id This is of the form: $argon2id$v=19$m=MEMORY,t=TIME,p=THREADS$????????????????$ argon2 An alias for "argon2id". See crypt(3) for details on the Argon2 parameters. RETURN VALUES Upon successful completion, a value of 0 is returned. Otherwise, a value of -1 is returned and errno is set to indicate the error. ERRORS pw_gensalt() will fail if: [EINVAL] If the option is not specified or has an illegal value. [ENOSPC] The saltlen was not large enough to fit the salt for the specified type. SEE ALSO passwd(1), pwhash(1) HISTORY The pw_gensalt() function was written in 1997 by Niels Provos <provos@physnet.uni-hamburg.de>. The Modular Crypt Format (MCF): https://passlib.readthedocs.io/en/stable/modular_crypt_format.html. The Password Hashing Competition (PHC) format: https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md. NetBSD 10.99 October 12, 2021 NetBSD 10.99