diff --git a/Makefile.am b/Makefile.am index 2cb07ca5..d0d2a9bc 100644 --- a/Makefile.am +++ b/Makefile.am @@ -20,8 +20,10 @@ EXTRA_DIST = \ notrans_dist_man3_MANS = \ crypt.3 crypt_r.3 crypt_ra.3 crypt_rn.3 \ - crypt_gensalt.3 crypt_gensalt_ra.3 crypt_gensalt_rn.3 -notrans_dist_man5_MANS = crypt.5 + crypt_gensalt.3 crypt_gensalt_ra.3 crypt_gensalt_rn.3 \ + crypt_checksalt.3 +notrans_dist_man5_MANS = crypt.5 crypt.conf.5 +notrans_dist_man8_MANS = crypt-checkconf.8 crypt-tune-costs.8 nodist_include_HEADERS = crypt.h nodist_noinst_HEADERS = crypt-hashes.h crypt-base.h diff --git a/crypt-checkconf.8 b/crypt-checkconf.8 new file mode 100644 index 00000000..c1aa9651 --- /dev/null +++ b/crypt-checkconf.8 
@@ -0,0 +1,96 @@ +.\" Written by Zack Weinberg in 2018. +.\" +.\" To the extent possible under law, the authors have waived +.\" all copyright and related or neighboring rights to this work. +.\" See https://creativecommons.org/publicdomain/zero/1.0/ for further +.\" details. +.\" +.Dd August 14, 2018 +.Dt CRYPT-CHECKCONF 8 +.Os "libxcrypt" +.Sh NAME +.Nm crypt-checkconf +.Nd validate crypt.conf +.Sh SYNOPSIS +.Nm +.Op Fl m +.Op Ar file +.Sh DESCRIPTION +The +.Nm +utility validates a file in the format of +.Xr crypt.conf 5 . +If a +.Ar file +is given on the command line, it validates that file; +otherwise, it validates +.Pa /etc/crypt.conf . +.Ar file +may be specified as +.Sq Li \&- +to read standard input. +Problems found are reported to standard error. +.Pp +The following problems are detected: +.Bl -bullet +.It +Lines containing syntactic garbage or unprintable characters. +Characters with the 8th bit set are allowed, but only in comments. +.It +Unrecognized hashing method names. +.It +Unrecognized values for the +.Ar allowed use +field. +.It +.Ar key Ns = Ns Ar value +fields with an unrecognized +.Ar key . +.It +Invalid values for the +.Ar rounds +parameter, either syntactically or because they do not meet the +restrictions for the hashing method. +.El +.Sh OPTIONS +.Bl -tag -width 2m +.It Fl m , \-merge\-defaults +Merge all of the valid lines in the input file +with the compiled-in defaults, +and write the result to standard output. +This produces a configuration file +with the same behavior as the original, +but having explicit settings for each hashing method. +Comments are preserved. +Lines with problems are echoed as comments. +.Pp +To print out just the compiled-in defaults, +ignoring whatever might be in +.Pa /etc/crypt.conf , +use +.Pp +.Dl crypt-checkconf -m /dev/null +.El +.Sh EXIT STATUS +The exit status is 0 if no problems were found, 1 if at least one problem +was found, and 2 if a system error occurred. 
+.Pp +Note that if no +.Ar file +is given on the command line, and +.Pa /etc/crypt.conf +does not exist, that is +.Em not +considered to be an error, because +.Fn crypt +and +.Fn crypt_gensalt +treat a nonexistent +.Pa /etc/crypt.conf +the same as if it were empty. +.Sh SEE ALSO +.Xr crypt 3 , +.Xr crypt_gensalt 3 , +.Xr crypt 5 , +.Xr crypt.conf 5 , +.Xr crypt\-tune\-costs 8 diff --git a/crypt-tune-costs.8 b/crypt-tune-costs.8 new file mode 100644 index 00000000..01e15b9b --- /dev/null +++ b/crypt-tune-costs.8 
@@ -0,0 +1,149 @@ +.\" Written by Zack Weinberg in 2018. +.\" +.\" To the extent possible under law, the authors have waived +.\" all copyright and related or neighboring rights to this work. +.\" See https://creativecommons.org/publicdomain/zero/1.0/ for further +.\" details. +.\" +.Dd August 14, 2018 +.Dt CRYPT-TUNE-COSTS 8 +.Os "libxcrypt" +.Sh NAME +.Nm crypt-tune-costs +.Nd choose cost parameters for passphrase hashing +.Sh SYNOPSIS +.Nm +.Op Fl sv +.Op Fl t Ar milliseconds +.Op Fl p Ar method +.Op Fl e Ar method , Ns Ar method , Ns .\|.\|. +.Op Fl l Ar method , Ns Ar method , Ns .\|.\|. +.Op Fl d Ar method , Ns Ar method , Ns .\|.\|. +.Sh DESCRIPTION +The +.Nm +utility measures the speed of all the hashing methods supported by +.Xr crypt 3 , +and selects cost parameters that will make each of them +take a specified amount of time on the current hardware. +By default, this is 250 milliseconds, +which is long enough to impose significant costs on brute-force attackers, +while not annoying legitimate users. +Hashing methods that cannot be made to take this long +will be marked as +.Em legacy , +to be used only for authentication against existing hashes. +.Pp +.Nm +writes a configuration file suitable for use as +.Pa /etc/security/crypt.conf +(see +.Xr crypt.conf 5 ) +to its standard output. +.Sh OPTIONS +.Bl -tag -width 2m +.It Fl s , \-strict +Disable hashing methods that cannot be made to take the +specified amount of time, instead of marking them as legacy. +.It Fl v , \-verbose +Write detailed information about the process of searching for +appropriate cost parameters to standard error. +.It Fl t Ar milliseconds ; Fl \-time Ns = Ns Ar milliseconds +Try to make each hashing method take +.Ar milliseconds +milliseconds. +The number supplied must be positive, and may be either an integer or +a decimal fraction. 
+.It Fl p Ar method ; Fl \-preferred Ns = Ns Ar method +Use +.Ar method +as the preferred hashing method for new passphrases; that is, +.Nm crypt_gensalt +will generate a setting string for this method when its +.Ar prefix +argument is NULL. +.Fl p Ar method +implies +.Fl e Ar method . +.It Fl e Ar method , Ns Ar method , Ns .\|.\|. ; Fl \-enabled Ns = Ns Ar method , Ns Ar method , Ns .\|.\|. +Use each +.Ar method +for authentication against existing hashes, +and allow them to be used in new hashes. +.Pp +.Fl e Ar all +means to enable all known hashing methods. +.It Fl l Ar method , Ns Ar method , Ns .\|.\|. ; Fl \-legacy Ns = Ns Ar method , Ns Ar method , Ns .\|.\|. +Use each +.Ar method +only for authentication against existing passphrase hashes; +.Nm crypt_gensalt +will refuse to generate new setting strings for them. +.Nm +will not bother selecting cost parameters for these hashes. +.Pp +.Fl l Ar all +means to mark all known hashing methods as legacy. +.It Fl d Ar method , Ns Ar method , Ns .\|.\|. ; Fl \-disabled Ns = Ns Ar method , Ns Ar method , Ns .\|.\|. +Do not allow any of the +.Ar method Ns s +to be used at all; both +.Nm crypt_gensalt +and +.Nm crypt +will fail if directed to use them. +.Nm +will not bother selecting cost parameters for these hashes. +.Pp +.Fl d Ar all +means to disable all known hashing methods. +.Pp +.Em Caution: +Users whose passphrases were hashed using a disabled method +will not be able to log in with a passphrase. +If they log in some other way +(e.g.\& an SSH key) +they will not be able to +.Em change +their passphrase, because +.Xr passwd 1 +will not be able to validate their old passphrase. +.El +.Pp +The +.Fl p , +.Fl e , +.Fl l , +and +.Fl d +options may be given any number of times and in any order. +If more than one of these options is given for the same +.Ar method , +the last one on the command line wins. 
+.Sh EXIT STATUS +The exit status is 0 if the generated +.Pa crypt.conf +has at least one hashing method enabled for new passphrases. +It is 1 if it does not, or if a system error occurred. +.Sh EXAMPLES +Select costs parameters for all hashes that are enabled by default: +.Pp +.Dl # crypt-tune-costs > /etc/crypt.conf +.Pp +Select a cost parameter for yescrypt, which will be used as the +default hash; mark all other hashes as disabled: +.Pp +.Dl # crypt-tune-costs -d all -p yescrypt > /etc/crypt.conf +.Pp +Find cost parameters that will make all hashes take approximately 2 seconds. +Disable all hashes that cannot be made to take this long. +Display detailed progress information, and dump the generated +.Pa crypt.conf +to the terminal: +.Pp +.Dl $ crypt-tune-costs -e all -m 2000 -vs +.Sh SEE ALSO +.Xr crypt 3 , +.Xr crypt_gensalt 3 , +.Xr crypt 5 , +.Xr crypt.conf 5 diff --git a/crypt.3 b/crypt.3 index 70d5b9bc..2f19ca38 100644 --- a/crypt.3 +++ b/crypt.3 @@ -282,7 +282,10 @@ when they fail. .Bl -tag -width Er .It Er EINVAL .Fa setting -is invalid, or requests a hashing method that is not supported. +is invalid, +or requests a hashing method that is not supported +or has been disabled in +.Xr crypt.conf 5 . .It Er ERANGE .Nm crypt_rn only: @@ -463,6 +466,7 @@ originate with the Openwall project. .Xr login 1 , .Xr passwd 1 , .Xr crypt 5 , +.Xr crypt.conf 5 , .Xr passwd 5 , .Xr shadow 5 , .Xr pam 8 diff --git a/crypt.5 b/crypt.5 index 52a9b15a..5bc30b1f 100644 --- a/crypt.5 +++ b/crypt.5 @@ -33,7 +33,7 @@ However, with a strong hashing method, guessing will be too slow for the attacker to discover a strong passphrase. .Pp -All of the hashing methods use a +Most of the hashing methods use a .Dq salt to perturb the hash function, so that the same passphrase may produce many possible hashes. 
@@ -132,6 +132,12 @@ the hashing methods supported by in decreasing order of strength. Many of the older methods are now considered too weak to use for new passphrases. +.Pp +The name given in the subheading for each method +is the name to use in +.Xr crypt.conf 5 +to set local configuration for that method. +.Pp The hashed passphrase format is expressed with extended regular expressions (see .Xr regex 7 ) @@ -167,14 +173,15 @@ and does not show the division into prefix, options, salt, and hash. .El .. .Ss yescrypt -yescrypt is a scalable passphrase hashing scheme designed by Solar Designer, -which is based on Colin Percival's scrypt. +An improved version of scrypt (see below), +with greater resistance to offline attacks. +Developed by Solar Designer. Recommended for new hashes. .hash "$y$" "\e$y\e$[./A-Za-z0-9]+\e$[./A-Za-z0-9]{,86}\e$[./A-Za-z0-9]{43}" unlimited 8 256 256 "up to 512" "1 to 11 (logarithmic)" .Ss scrypt -scrypt is a password-based key derivation function created by Colin Percival, +A hash created by Colin Percival, originally for the Tarsnap online backup service. -The algorithm was specifically designed to make it costly to perform +The algorithm was designed to make it costly to perform large-scale custom hardware attacks by requiring large amounts of memory. In 2016, the scrypt algorithm was published by IETF as RFC 7914. .hash "$7$" "\e$7\e$[./A-Za-z0-9]{11,97}\e$[./A-Za-z0-9]{43}" unlimited 8 256 256 "up to 512" "6 to 11 (logarithmic)" 
@@ -191,7 +198,15 @@ It exists for historical reasons only. The alternative prefixes "$2a$" and "$2x$" provide bug-compatibility with crypt_blowfish 1.0.4 and earlier, which incorrectly processed characters with the 8th bit set. -.Ss SHA-2-512 +In +.Pa crypt.conf , +the treatment of alternative prefixes can be configured using the +names +.Li bcrypt_a , +.Li bcrypt_x , +and +.Li bcrypt_y . +.Ss sha512crypt A hash based on SHA-2 with 512-bit output, originally developed by Ulrich Drepper for GNU libc. Supported on Linux but not common elsewhere. @@ -199,7 +214,7 @@ Acceptable for new hashes. The default CPU time cost parameter is 5000, which is too low for modern hardware. .hash "$6$" "\e$6\e$(rounds=[1-9][0-9]+\e$)?[./0-9A-Za-z]{1,16}\e$[./0-9A-Za-z]{86}" unlimited 8 512 512 "6 to 96" "1000 to 999,999,999" -.Ss SHA-2-256 +.Ss sha256crypt A hash based on SHA-2 with 256-bit output, originally developed by Ulrich Drepper for GNU libc. Supported on Linux but not common elsewhere. @@ -207,14 +222,14 @@ Acceptable for new hashes. The default CPU time cost parameter is 5000, which is too low for modern hardware. .hash "$5$" "\e$5\e$(rounds=[1-9][0-9]+\e$)?[./0-9A-Za-z]{1,16}\e$[./0-9A-Za-z]{43}" unlimited 8 256 256 "6 to 96" "1000 to 999,999,999" -.Ss SHA-1 +.Ss sha1crypt A hash based on HMAC-SHA1. Originally developed by Simon Gerraty for NetBSD. Not as weak as the DES-based hashes below, but SHA1 is so cheap on modern hardware that it should not be used for new hashes. .hash "$sha1" "\e$sha1\e$[1-9][0-9]+\e$[./0-9A-Za-z]{1,64}\e$[./0-9A-Za-z]{8,64}[./0-9A-Za-z]{32}" unlimited 8 160 160 "6 to 384" "4 to 4,294,967,295" -.Ss MD5 (Sun) +.Ss sunmd5 A hash based on the MD5 algorithm, with additional cleverness to make precomputation difficult, originally developed by Alec David Muffet for Solaris. 
@@ -223,7 +238,7 @@ Not as weak as the DES-based hashes below, but MD5 is so cheap on modern hardware that it should not be used for new hashes. .hash "$md5" "\e$md5(,rounds=[1-9][0-9]+)?\e$[./0-9A-Za-z]{8}\e${1,2}[./0-9A-Za-z]{22}" unlimited 8 128 128 48 "4096 to 4,294,963,199" -.Ss MD5 (FreeBSD) +.Ss md5crypt A hash based on the MD5 algorithm, originally developed by Poul-Henning Kamp for FreeBSD. Supported on most free Unixes and newer versions of Solaris. @@ -232,7 +247,7 @@ but MD5 is so cheap on modern hardware that it should not be used for new hashes. CPU time cost is not adjustable. .hash "$1$" "\e$1\e$[^$]{1,8}\e$[./0-9A-Za-z]{22}" unlimited 8 128 128 "6 to 48" 1000 -.Ss BSDI extended DES +.Ss bsdicrypt A weak extension of traditional DES, which eliminates the length limit, increases the salt size, @@ -251,7 +266,7 @@ and it does this in a crude way that allows attackers to guess chunks of a long passphrase in parallel. It should not be used for new hashes. .hash "" "[./0-9A-Za-z]{13,178}" 128 7 "up to 896" "up to 1024" 12 25 -.Ss Traditional DES +.Ss descrypt The original hashing method from Unix V7, based on the DES block cipher. Because DES is cheap on modern hardware, because there are only 4096 possible salts and 2**56 possible hashes, @@ -262,7 +277,7 @@ passphrase hashed with this method. It should only be used if you absolutely have to generate hashes that will work on an old operating system that supports nothing else. .hash "" "[./0-9A-Za-z]{13}" 8 7 56 64 12 25 -.Ss NTHASH +.Ss nt The hashing method used for network authentication in some versions of the SMB/CIFS protocol. Available, for cross-compatibility's sake, on FreeBSD. diff --git a/crypt.conf.5 b/crypt.conf.5 new file mode 100644 index 00000000..3a31d19c --- /dev/null +++ b/crypt.conf.5 
@@ -0,0 +1,263 @@ +.\" Written by Zack Weinberg in 2018. +.\" +.\" To the extent possible under law, the authors have waived +.\" all copyright and related or neighboring rights to this work. +.\" See https://creativecommons.org/publicdomain/zero/1.0/ for further +.\" details. +.\" +.Dd August 14, 2018 +.Dt CRYPT.CONF 5 +.Os "libxcrypt" +.Sh NAME +.Nm crypt.conf +.Nd configuration of passphrase hashing +.Sh DESCRIPTION +The file +.Nm +(normally installed in +.Pa /etc ) +determines which of several +.Dq hashing methods +may be used by +.Xr crypt 3 , +.Xr crypt_gensalt 3 , +and related functions to hash user passphrases. +For hashing methods that have tunable parameters, +it also allows adjustment of the default values for those parameters. +.Pp +Each line of +.Nm +configures a single hashing method. +If a hashing method is not mentioned in +.Nm , +compiled-in defaults are used for that method. +(The utility +.Xr crypt-checkconf 8 +can print out these defaults.) +If +.Nm +does not exist, +that is the same as if it were empty: +the compiled-in defaults are used for all methods. +.Pp +Fields on each line are separated by tabs or spaces. +Comments begin with a +.Sq Li \&# +and extend to the end of the line. +(Comments can begin in the middle of a line.) +Blank lines are ignored. +.Pp +Two fields are required for each hashing method: +.Bl -tag -width 3n +.It Sy Method name +This field identifies the hashing method to be configured. +It is a short, C-style identifier +such as +.Dq Sy bcrypt +or +.Dq Sy sha256crypt . +The names for each supported hashing method are given in +.Xr crypt 5 . +Unrecognized hashing methods are ignored. +.It Sy Allowed use +This field indicates how this hashing method is allowed to be used +on this system. +It has four possible settings: +.Bl -tag -width 3n +.It Ar preferred +This is the preferred method for new hashes: it will be used when a +.Ar prefix +is not supplied to +.Nm crypt_gensalt . 
+.It Ar enabled No (also Ar new , on , true , yes ) +This method may be used for new hashes: that is, +.Nm crypt_gensalt +will generate +.Ar setting +strings specifying this method, +when directed to do so by its +.Ar prefix +argument. +.It Ar legacy No (also Ar old , existing ) +This method may not be used for new hashes: +.Nm crypt_gensalt +will fail if directed to use this method. +However, +.Nm crypt +will accept +.Nm setting +strings that specify this method, +so it can still be used +to authenticate users against stored hashes. +.It Ar disabled No (also Ar off , false , no ) +This method may not be used at all. +Both +.Nm crypt_gensalt +and +.Nm crypt +will fail if directed to use this method. +.Pp +.Em Caution: +Users whose passphrases were hashed using a disabled method +will not be able to log in with a passphrase. +If they log in some other way +(e.g.\& an SSH key) +they will not be able to +.Em change +their passphrase, because +.Xr passwd 1 +will not be able to validate their old passphrase. +.El +.Pp +An unrecognized value in this field is treated as +.Ar disabled . +.Pp +The function +.Xr crypt_checksalt 3 +reports the +.Sy allowed use +of a setting string; +this can be used by programs such as +.Xr login 1 +to determine whether a user's passphrase should be re-hashed +using a newer method. +.El +.Pp +All subsequent fields are optional. +They must all have the form +.Bk +.Sy key Ns = Ns Ar value , +.Ek +where +.Sy key +is a C-style identifier, and +.Ar value +contains no spaces or tabs. +(Quotation marks, backslashes, etc.\& are not significant.) +Unrecognized +.Sy key Ns s +are ignored. +Presently, only one key is recognized: +.Bl -tag -width 3n +.It Sy rounds Ns = Ns Ar n +Set the default cost parameter for this hashing method to +.Ar n . +.Nm crypt_gensalt +will use +.Ar n +instead of its compiled-in default for this hashing method, +when its +.Ar count +argument is zero. 
+.Pp +The +.Nm +syntax allows any positive, decimal integer for +.Ar n , +but each hashing method has its own restrictions +on the values that may be used for its cost parameter. +These restrictions are documented in +.Xr crypt 5 , +as are the compiled-in defaults used when this key is not present. +Invalid values are ignored. +.Pp +The utility +.Xr crypt-tune-cost 8 +can be used to select cost parameters that are appropriate for +the machine it is run on. +.El +.Sh EXAMPLES +This +.Nm +fragment specifies that +.Nm bcrypt +is the preferred method for new hashes; +.Nm sha256crypt +is acceptable for new hashes, +but an increased number of rounds should be used; +.Nm md5crypt +is allowed only for old hashes; +and +.Nm descrypt +may not be used at all. +.Bd -literal -offset indent +bcrypt preferred +sha256crypt yes rounds=50000 # compiled-in default 5000 +md5crypt legacy +descrypt off +.Ed +.Sh ERROR HANDLING +In general, syntax errors and unrecognized material in +.Nm +cause the malformed line or field to be ignored. +Any unrecognized value for the +.Sy allowed use +field is treated as +.Ar disabled , +to ensure that authentication fails closed. +A warning message is logged with +.Xr syslog 3 +under these circumstances: +.Bl -bullet +.It +.Nm crypt +is called with a +.Ar setting +that specifies a +.Ar disabled +hashing method +(including a method with an unrecognized +.Sy allowed use ) . +.It +.Nm crypt_gensalt +is called with a +.Ar prefix +explicitly requesting the use of a +.Ar disabled +or +.Ar legacy +hashing method. +.It +An unrecognized +.Sy key Ns = Ns Ar value +field appears on the line configuring the hashing method that +.Nm crypt_gensalt +is about to generate a +.Ar setting +string for. +.It +The +.Sy rounds +parameter for the hashing method that +.Nm crypt_gensalt +is about to generate a +.Ar setting +string for +is either syntactically invalid +or does not meet the restrictions for that hashing method. 
+.El +.Pp +The utility +.Xr crypt-checkconf 8 +can be used to scan +.Nm +for errors. +.Sh BUGS +The +.Dq Ar legacy +use is enforced only by +.Nm crypt_gensalt . +Applications that generate +.Ar setting +strings themselves may continue to create new hashes using methods whose +allowed use is set to +.Ar legacy . +.Sh FILES +.Pa /etc/crypt.conf +.Sh SEE ALSO +.Xr crypt 5 , +.Xr crypt 3 , +.Xr crypt_gensalt 3 , +.Xr crypt_checksalt 3 , +.Xr crypt\-checkconf 8 , +.Xr crypt\-tune\-cost 8 diff --git a/crypt_checksalt.3 b/crypt_checksalt.3 new file mode 100644 index 00000000..bbe20d55 --- /dev/null +++ b/crypt_checksalt.3 
@@ -0,0 +1,97 @@ +.\" Written by Zack Weinberg in 2018. +.\" +.\" To the extent possible under law, the authors have waived +.\" all copyright and related or neighboring rights to this work. +.\" See https://creativecommons.org/publicdomain/zero/1.0/ for further +.\" details. +.\" +.Dd August 14, 2018 +.Dt CRYPT_CHECKSALT 3 +.Os "libxcrypt" +.Sh NAME +.Nm crypt_checksalt +.Nd validate a crypt setting string +.Sh LIBRARY +.Lb libcrypt +.Sh SYNOPSIS +.In crypt.h +.Ft int +.Fo crypt_checksalt +.Fa "const char *setting" +.Fc +.Sh DESCRIPTION +.Nm +checks the +.Ar setting +string against the configuration in +.Pa /etc/crypt.conf +and reports whether the hashing method and parameters it specifies +are acceptable. +It is intended to be used by programs +such as +.Xr login 1 +to determine whether the user's passphrase should be re-hashed +using the currently preferred hashing method. +.Sh RETURN VALUES +The return value is 0 if there is nothing wrong with this setting. +Otherwise, it is one of the following constants: +.Bl -tag -width 4n +.It Dv CRYPT_SALT_INVALID +.Ar setting +is not a valid setting string; either it specifies a hashing method +that is not known to this version of libxcrypt, +or it specifies invalid parameters for the method. +.It Dv CRYPT_SALT_METHOD_DISABLED +.Ar setting +specifies a hashing method that is no longer allowed to be used at all; +.Nm crypt +will fail if passed this +.Ar setting . +Manual intervention will be required to reactivate the user's account. +.It Dv CRYPT_SALT_METHOD_LEGACY +.Ar setting +specifies a hashing method that is no longer considered strong enough +for use with new passphrases. +.Nm crypt +will still authenticate a passphrase against this setting, +but if authentication succeeds, +the passphrase should be re-hashed using the currently preferred method. +.It Dv CRYPT_SALT_TOO_CHEAP +.Ar setting +specifies cost parameters that are considered too cheap for use with +new passphrases. 
+.Nm crypt +will still authenticate a passphrase against this setting, +but if authentication succeeds, +the passphrase should be re-hashed using the currently preferred method. +.El +.Sh FEATURE TEST MACROS +.In crypt.h +will define the macro +.Dv CRYPT_CHECKSALT_AVAILABLE +if +.Nm +is available in the current version of libxcrypt. +.Sh PORTABILITY NOTES +The function +.Nm +is not part of any standard. +It was added to libxcrypt in version 4.2.0. +.Sh ATTRIBUTES +For an explanation of the terms used in this section, see +.Xr attributes 7 . +.TS +allbox; +lb lb lb +l l l. +Interface Attribute Value +T{ +.Nm +T} Thread safety MT-Safe +.TE +.sp +.Sh SEE ALSO +.Xr crypt 3 , +.Xr crypt_gensalt 3 , +.Xr crypt 5 , +.Xr crypt.conf 5 diff --git a/crypt_gensalt.3 b/crypt_gensalt.3 index 3b3dab5c..b570fa0b 100644 --- a/crypt_gensalt.3 +++ b/crypt_gensalt.3 @@ -173,11 +173,15 @@ and will not be equal to .Bl -tag -width Er .It Er EINVAL .Fa prefix -is invalid or not supported by this implementation; +is invalid, +or requests a hashing method that is not supported +or has been disabled for new hashes in +.Xr crypt.conf 5 . +.br .Fa count is invalid for the requested -.Fa prefix ; -the input +.Fa prefix . +.br .Fa nrbytes is insufficient for the smallest valid salt with the requested .Fa prefix .
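Review bot: the third example in the crypt-tune-costs.8 EXAMPLES section, `.Dl $ crypt-tune-costs -e all -m 2000 -vs`, passes `-m`, which this page never defines; the option for the target time is `-t` / `--time`, so it should read `crypt-tune-costs -e all -t 2000 -vs`. In the same section "Select costs parameters" should be "Select cost parameters". Also, the DESCRIPTION says the output is suitable for `/etc/security/crypt.conf`, while crypt-checkconf.8, the FILES section of crypt.conf.5 and the other two examples on this page all use `/etc/crypt.conf`; the path should be the same everywhere.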
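Review bot: crypt-tune-costs.8 EXIT STATUS folds "no hashing method enabled" and "a system error occurred" into status 1, whereas crypt-checkconf.8 in the same patch distinguishes 1 (at least one problem found) from 2 (system error). A script that regenerates crypt.conf non-interactively needs the same distinction here, so consider returning 2 for system errors in crypt-tune-costs as well.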
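Review bot: in the crypt.5 bcrypt hunk, the new sentence lists `bcrypt_a`, `bcrypt_x` and `bcrypt_y` as crypt.conf names, but the preceding sentence only introduces the alternative prefixes "$2a$" and "$2x$"; state which prefix `bcrypt_y` corresponds to and whether the plain `bcrypt` name (the one used in the crypt.conf.5 example) covers the primary prefix, so a reader can map each configuration name to a prefix without guessing.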
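Review bot: crypt.conf.5 refers to the tuning utility as `.Xr crypt-tune-cost 8` (under the `rounds` key) and `.Xr crypt\-tune\-cost 8` (SEE ALSO), but the page added by this patch is `crypt-tune-costs.8` (`.Dt CRYPT-TUNE-COSTS 8`, `.Nm crypt-tune-costs`), and crypt-checkconf.8 references it correctly as `crypt\-tune\-costs`; both references in crypt.conf.5 are missing the trailing `s` and will be dangling cross-references.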
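Review bot: in the `legacy` entry of crypt.conf.5, "will accept `.Nm setting` strings" uses the wrong macro; `setting` is an argument name and should be `.Ar setting`, as the surrounding entries write it. More generally, on this page `.Nm` stands for `crypt.conf` itself, so `.Nm crypt_gensalt`, `.Nm crypt`, `.Nm bcrypt`, `.Nm sha256crypt` and so on for function and method names are confusing; `.Fn crypt_gensalt` or `.Xr crypt_gensalt 3` for functions and `.Sy bcrypt` for method names (the form the Method name entry already uses) would be consistent. The SEE ALSO list also places `.Xr crypt 5` before `.Xr crypt 3`; mdoc convention orders cross-references by section number.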
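Review bot: the ERROR HANDLING section of crypt.conf.5 enumerates the conditions that produce a syslog warning, but a line whose method name is unrecognized is silently ignored (the Method name entry says so), which means a misspelled name on a line intended to disable a method leaves that method at its compiled-in default with no runtime indication. Since an unrecognized allowed-use value is deliberately treated as `disabled` so that authentication fails closed, consider logging unrecognized method names as well, or at least state explicitly in this section that only crypt-checkconf(8) reports that case.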
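Review bot: crypt_checksalt.3 documents `CRYPT_SALT_TOO_CHEAP` as meaning the cost parameters are "considered too cheap for use with new passphrases", but nothing in crypt.conf.5 defines a minimum cost: the only recognized key, `rounds=n`, sets the default that `crypt_gensalt` uses when its `count` argument is zero. Document how the threshold is derived (the configured `rounds` value, the compiled-in default, or a fixed per-method floor), since a caller such as login(1) has to know what this return value means before deciding to re-hash. Relatedly, the crypt.conf.5 paragraph about crypt_checksalt says it "reports the allowed use of a setting string", which omits the `CRYPT_SALT_TOO_CHEAP` and `CRYPT_SALT_INVALID` cases this page defines.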
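Review bot: in the crypt_gensalt.3 EINVAL hunk, "has been disabled for new hashes in crypt.conf(5)" should say explicitly that both the `legacy` and the `disabled` settings cause this failure, since crypt.conf.5 states that crypt_gensalt fails for either; the crypt.3 hunk uses the plainer "has been disabled in crypt.conf(5)" for crypt, where only `disabled` applies, and as written the two pages read as if they describe the same condition.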