man-pages/man-pages-2.75-crypt.patch
2008-01-14 10:28:03 +00:00


diff -up man-pages-2.75/man3/crypt.3.pom man-pages-2.75/man3/crypt.3
--- man-pages-2.75/man3/crypt.3.pom 2008-01-03 17:07:29.000000000 +0100
+++ man-pages-2.75/man3/crypt.3 2008-01-14 11:04:42.000000000 +0100
@@ -141,22 +141,59 @@ function was not implemented, probably b
SVr4, 4.3BSD, POSIX.1-2001
.SH NOTES
.SS Glibc Notes
-The glibc2 version of this function has the following additional features.
+The glibc2 version of this function has the following additional features:
+
If
.I salt
-is a character string starting with the three characters "$1$"
-followed by at most eight characters, and optionally terminated by "$",
-then instead of using the DES machine, the glibc crypt function
-uses an MD5-based algorithm, and outputs up to 34 bytes,
-namely "$1$<salt>$<encoded>", where
-"<salt>" stands for the up to 8 characters following "$1$" in the salt,
-and "<encoded>" is a further 22 characters.
-The characters in "<salt>" and "<encoded>" are drawn from the set
+is a character string starting with the three characters "$<ID>$"
+followed by a string terminated by "$",
+
+$<ID>$<salt>$<pwd>
+
+then instead of using the DES machine, ID identifies the method used and
+this then determines how the rest of the password string is
+interpreted. So far the following ID values are in use:
+
+.TS
+l l.
+ID | Method
+_
+1 | MD5 (Linux, BSD)
+2a | Blowfish (OpenBSD)
+md5 | Sun MD5
+.TE
+
+For the new SHA-256 and SHA-512 methods the following values are
+selected:
+
+.TS
+l l.
+ID | Method
+_
+5 | SHA-256
+6 | SHA-512
+.TE
+
+So $5$<salt>$<pwd> is a SHA-256 encoded password and $6$<salt>$<pwd> is a
+SHA-512 encoded one.
+
+"<salt>" stands for the up to 16 characters following "$ID$" in the salt.
+The pwd part of the password string is the actual computed password.
+The size of this string is fixed:
+
+.TS
+l l.
+MD5 | 22 characters
+SHA-256 | 43 characters
+SHA-512 | 86 characters
+.TE
+
+The characters in "<salt>" and "<pwd>" are drawn from the set
[\fBa\fP\(en\fBzA\fP\(en\fBZ0\fP\(en\fB9./\fP].
-The entire
+In SHA implementation the entire
.I key
is significant here (instead of only the first
-8 bytes).
+8 bytes in MD5).
.SH "SEE ALSO"
.BR login (1),
.BR passwd (1),
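Review bot: The closing lines of the hunk, "In SHA implementation the entire key is significant here (instead of only the first 8 bytes in MD5)", attribute the 8-byte limit to MD5, but the removed text made the whole-key statement about the "$1$" MD5 method itself, in contrast to the DES machine. Suggest wording such as "The entire key is significant here (instead of only the first 8 bytes as with DES)", which covers the MD5 and SHA methods alike. Near the top of the hunk, "starting with the three characters "$<ID>$"" no longer holds, since the first table lists IDs such as 2a and md5; "starting with "$<ID>$"" would do. The new sentence giving "up to 16 characters" for "<salt>" is stated for every ID and drops the 8-character limit the old text gave for "$1$", so the per-method salt length should be spelled out. The .TS blocks separate columns with "|" but have no tab(|) options line before "l l.", so the rendered tables are worth checking.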