Method Crypto.Password.hash()

Method hash

string(7bit) hash(string(8bit) password, string(7bit)|void scheme, int(0..)|void rounds)

Description

Generate a hash of password suitable for verify().

Parameter password

Password to hash.

Parameter scheme

Password hashing scheme. If not specified the strongest available will be used.

If an unsupported scheme is specified an error will be thrown.

Supported schemes are:

Crypt(3C)-style:

`UNDEFINED`	Use the strongest crypt(3C)-style hash that is supported.
`"crypt"`
`"{crypt}"`
`"6"`	SHA512.crypt_hash() with 96 bits of salt and a default of `5000` rounds.
`"$6$"`
`"5"`	SHA256.crypt_hash() with 96 bits of salt and a default of `5000` rounds.
`"$5$"`
`"3"`	The NTLM MD4 hash.
`"NT"`	The NTLM MD4 hash.
`"2"`	`Nettle.bcrypt()` with 128 bits of salt and a default of `1024` rounds.
`"2a"`
`"2b"`
`"2x"`
`"2y"`
`"$2$"`
`"$2a$"`
`"$2b$"`
`"$2x$"`
`"$2y$"`
`"1"`	MD5.crypt_hash() with 48 bits of salt and `1000` rounds.
`"$1$"`	MD5.crypt_hash() with 48 bits of salt and `1000` rounds.
`"sha1"`	SHA1.HMAC.crypt_hash() with 48 bits of salt and a default of `480000` rounds.
`"P"`	MD5.crypt_php() with 48 bits of salt and a default of `1<<19` rounds. The specified number of rounds will be rounded up to the closest power of `2`.
`"$P$"`
`"H"`
`"$H$"`
`"U$P$"`	Same as `"$P$"`, the supplied `password` is assumed to have already been passed through MD5.hash() once. Typically used to upgrade unsalted MD5-password databases.
`"Q"`	Same as `"$P$"`, but with SHA1.crypt_php().
`"$Q$"`	Same as `"$P$"`, but with SHA1.crypt_php().
`"S"`	Same as `"$S$"`, but with SHA512.crypt_php().
`"$S$"`	Same as `"$S$"`, but with SHA512.crypt_php().
`"pbkdf2"`	SHA1.pbkdf2().
`"$pbkdf2$"`	SHA1.pbkdf2().
`"pbkdf2-sha256"`	SHA256.pbkdf2().
`"$pbkdf2-sha256$"`	SHA256.pbkdf2().
`"pbkdf2-sha512"`	SHA512.pbkdf2().
`"$pbkdf2-sha512$"`	SHA512.pbkdf2().
`""`	crypt() with 12 bits of salt.

LDAP (RFC 2307)-style. Don't use these if you can avoid it, since they are suspectible to attacks. In particular avoid the unsalted variants at all costs:

`"ssha"`	SHA1.hash() with 96 bits of salt appended to the password.
`"{ssha}"`
`"smd5"`	MD5.hash() with 96 bits of salt appended to the password.
`"{smd5}"`
`"sha"`	SHA1.hash() without any salt.
`"{sha}"`
`"md5"`	MD5.hash() without any salt.
`"{md5}"`

Parameter rounds

The number of rounds to use in parameterized schemes. If not specified the scheme specific default will be used.

Returns

Returns a string suitable for verify(). This means that the hashes will be prepended with the suitable markers.

Note

Note that the availability of SHA512 depends on the version of Nettle that Pike has been compiled with.

Note

This function was added in Pike 7.8.755.