summaryrefslogtreecommitdiff
path: root/lib/libc
diff options
context:
space:
mode:
authorNiels Provos <provos@cvs.openbsd.org>1998-02-25 11:25:14 +0000
committerNiels Provos <provos@cvs.openbsd.org>1998-02-25 11:25:14 +0000
commit06d683f27e073970cc4a6efcfaffcf730d2bb746 (patch)
tree93609453d424f4e964e653025d901704df05ab74 /lib/libc
parentf2ca1e2ca88f2efdc98b24cde2b9e8003bda1de3 (diff)
clarify about possible password lengths.
Diffstat (limited to 'lib/libc')
-rw-r--r--lib/libc/crypt/crypt.315
1 files changed, 9 insertions, 6 deletions
diff --git a/lib/libc/crypt/crypt.3 b/lib/libc/crypt/crypt.3
index 0ec89c038f0..6f360cc65f7 100644
--- a/lib/libc/crypt/crypt.3
+++ b/lib/libc/crypt/crypt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: crypt.3,v 1.9 1997/11/30 23:16:30 provos Exp $
+.\" $OpenBSD: crypt.3,v 1.10 1998/02/25 11:25:13 provos Exp $
.\"
.\" FreeSec: libcrypt
.\"
@@ -99,11 +99,13 @@ For
crypt the version number,
.Fa salt
and the hashed password are separated
-by the ``$'' character. A valid password looks like this:
+by the ``$'' character. The maximum length of a password is limited by
+the length counter of the MD5 context, which is about
+2**64. A valid MD5 password entry looks like this:
.Pp
``$1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1''.
.Pp
-The whole password string is passed as
+The whole MD5 password string is passed as
.Fa setting
for interpretation.
.Ss "Blowfish" crypt:
@@ -121,7 +123,8 @@ cipher is expanded using the
and the
.Fa password
repeating the process a variable number of rounds, which is encoded in
-the password string. The final password entry is created by encrypting
+the password string. The maximum password length is 72. The final Blowfish
+password entry is created by encrypting
the string ``OrpheanBeholderScryDoubt'' with the
.Tn Blowfish
state 64 times.
@@ -130,11 +133,11 @@ The version number, the logarithm of the number of rounds and
the concatenation of salt and
hashed password are separated by the ``$'' character. An encoded ``8''
would specify 256 rounds.
-A valid password looks like this:
+A valid Blowfish password looks like this:
.Pp
``$2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC''.
.Pp
-The whole password string is passed as
+The whole Blowfish password string is passed as
.Fa setting
for interpretation.
.Ss "Traditional" crypt: