Hello everybody. I sent an email to the misc@ list yesterday regarding a patch proposal for a man page. Upon request, I am submitting the same proposal here with some changes. I reproduce the original email here for those who don follow misc@.
///// I have been porting a stupid old program to OpenBSD. I hit a bit or a road block because this program uses crypt() but the man page at OpenBSD is not clear enough regarding a couple of details. Specifically: the man page does not provide a clear explanation of the format in which the _setting_ parameter is to be fed to crypt(). In fact, it says: "The second, setting, currently supports a single form. If it begins with a string character (‘$’) and a number then a different algorithm is used depending on the number." So far, so good. What it doesn't say is that if you don't identify the algorithm as either "2a" or "2b" you get an errno and no hash. It also does not specify that you need to provide the log2 of rounds with the _setting_ param, and that such log2 of rounds must be expressed as a two digit number. I am pasting a proposed patch for the crypt(3) man page. Suggestions and ideas are welcome. I am aware the crypt() family is deprecated. --- crypt.3 Thu Jan 21 16:59:05 2021 +++ crypt.new Fri Jan 22 21:33:15 2021 @@ -75,9 +75,13 @@ with a string character .Pq Ql $ and a number then a different algorithm is used depending on the number. -At the moment -.Ql $2 -chooses Blowfish hashing; see below for more information. +Some algorithms use additional bytes to set parameters. +.Pp +At the moment, only Blowfish hashing is supported; see below for more +information. +The algorithm should be +.Ql $2b +unless compatibility with OpenBSD versions earlier than 5.5 is needed. .Ss Blowfish crypt The Blowfish version of crypt has 128 bits of .Fa salt @@ -103,6 +107,18 @@ An encoded .Sq 8 would specify 256 rounds. +The logarithm of the number of rounds must be specified as a two-digit +number; therefore, +.Ql 8 +would be encoded as +.Ql 08 +.Pp +A valid Blowfish +.Fa setting +with no password looks like this: +.Pp +.Dq $2b$12$FPWWO2RJ3CK4FINTw0Hi8O . +.Pp A valid Blowfish password looks like this: .Pp .Dq $2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq . -- OpenPGP Key Fingerprint: BB5A C2A2 2CAD ACB7 D50D C081 1DB9 6FC4 5AB7 92FA
