I lost the old thread. tedu@ said that we mustn't recommend a buffer size of 61 (current underlying code), but instead suggested using _PASSWORD_LEN or 128.
_PASSWORD_LEN is used in /usr/src and /usr/ports. Index: lib/libc/crypt/crypt_checkpass.3 =================================================================== RCS file: /cvs/src/lib/libc/crypt/crypt_checkpass.3,v retrieving revision 1.9 diff -u -p -r1.9 crypt_checkpass.3 --- lib/libc/crypt/crypt_checkpass.3 23 Jul 2015 22:20:02 -0000 1.9 +++ lib/libc/crypt/crypt_checkpass.3 19 Jun 2017 20:18:30 -0000 @@ -58,17 +58,32 @@ The provided .Fa password is randomly salted and hashed and stored in .Fa hash . +.Fa hash +must already be allocated, and +.Fa hashsize +must contain its size, which depends on the underlying algorithm. +The constant +.Dv _PASSWORD_LEN +is recommended for that. The .Fa pref argument identifies the preferred hashing algorithm and parameters. +If set to +.Dv NULL +it defaults to +.Dq bcrypt,8 . Possible values are: .Bl -tag -width Ds -.It Dq bcrypt,<rounds> +.It Dq bcrypt[,<rounds>] The bcrypt algorithm, where the value of rounds can be between 4 and 31 and specifies the base 2 logarithm of the number of rounds. The special rounds value .Sq a automatically selects rounds based on system performance. +This is the default if rounds is omitted. +.Dq blowfish +can be used as an alias for +.Dq bcrypt . .El .Sh RETURN VALUES .Rv -std crypt_checkpass crypt_newhash @@ -89,7 +104,9 @@ to .Er EINVAL if .Fa pref -is unsupported. +is unsupported, or the value of +.Fa hashsize +is insufficient. .Sh SEE ALSO .Xr crypt 3 , .Xr login.conf 5 , -- Michal Mazurek
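Review bot: in the first hunk (@@ -58,17 +58,32 @@) the added text documents two different defaults without relating them. A NULL pref "defaults to bcrypt,8", while "This is the default if rounds is omitted." follows the description of the automatic 'a' value. If both behaviours are intended, say so explicitly, and replace "This" with the value it refers to, so it cannot be read as referring to the whole bcrypt entry. The sentence "is recommended for that" is also vague: state that _PASSWORD_LEN is the recommended value for hashsize, and name the header that defines the constant, since the added text does not.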
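Review bot: in the second hunk (@@ -89,7 +104,9 @@) the wording "the value of hashsize is insufficient" does not say what the size is measured against. Something like "or hashsize is too small to hold the resulting hash" would match the first hunk's statement that the required size depends on the underlying algorithm. With the added clause EINVAL covers two unrelated causes, so a caller cannot tell an unsupported pref from a short buffer from errno alone. That is one more reason to point readers at _PASSWORD_LEN here as well.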