| From | Jan Schaumann <jschauma@netmeister.org> |
|---|---|
| Newsgroups | muc.lists.netbsd.tech.security |
| Subject | crypt(3) manual page |
| Date | 2025-11-16 13:19 -0500 |
| Organization | Newsgate at muc.de e.V. |
| Message-ID | <aRoVuhOpS7bkdUo_@netmeister.org> (permalink) |
Hello,

I think the current crypt(3) manual page is not as helpful as it could be. Based on the current description, a user might think that a valid 'setting' to select MD5 without a salt might be

    crypt(pass, "$1")

It would need to be "$1$", or, obviously better, "$1$salt".

The manual page also says

    "The entire password string is passed as setting for interpretation."

which... is confusing. You pass the parameters via 'setting' to _yield_ the "entire password string" - I'm not sure what is meant here by this phrase. (You need the entire string to perform _validation_, so that you can construct the 'setting', then call crypt(3) with the plaintext, then compare the result, but I think that's outside the scope of this manual page.)

For the Argon2 and Blowfish functions, the manual page ought to describe the version string, and for both MD5 and Blowfish we should note that the salt is silently truncated if longer than allowed.

Attached are my suggested improvements for this manual page - does that look ok?

-Jan
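The validation flow described in the post, as an added example that is not part of the original message or of NetBSD's sources: a helper reduces either a caller-supplied setting or a stored "$1$salt$digest" string to the MD5 setting that takes effect, and reports a missing closing '$', an empty salt, or truncation instead of letting them pass silently. The names md5_effective_setting and hash_equal are hypothetical, and the 8-character salt limit is an assumption taken from md5crypt's usual behaviour; the post gives no number.

```c
#include <stdio.h>
#include <string.h>

#define MD5_PREFIX   "$1$"
#define MD5_SALT_MAX 8  /* assumption: md5crypt's usual salt limit */
enum setting_status { SETTING_OK, SETTING_TRUNCATED, SETTING_EMPTY_SALT,
                      SETTING_BAD_PREFIX, SETTING_NO_SPACE };

/* Reduce a caller-supplied setting or a stored "$1$salt$digest" string to
 * the "$1$salt" that takes effect, reporting what would otherwise be silent. */
enum setting_status md5_effective_setting(const char *in, char *out, size_t outlen)
{
    size_t plen = strlen(MD5_PREFIX);
    enum setting_status st = SETTING_OK;
    if (strncmp(in, MD5_PREFIX, plen) != 0)
        return SETTING_BAD_PREFIX;          /* "$1" without the closing '$' */
    size_t n = strcspn(in + plen, "$");     /* salt ends at next '$' or NUL */
    if (n == 0)
        st = SETTING_EMPTY_SALT;            /* "$1$": MD5 selected, unsalted */
    if (n > MD5_SALT_MAX) {
        n = MD5_SALT_MAX;
        st = SETTING_TRUNCATED;
    }
    if (plen + n + 1 > outlen)
        return SETTING_NO_SPACE;
    memcpy(out, in, plen + n);
    out[plen + n] = '\0';
    return st;
}

/* Compare stored and recomputed hash strings without stopping at the first mismatch. */
int hash_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed sample settings, not taken from any real password file. */
    const char *samples[] = { "$1", "$1$", "$1$salt", "$1$0123456789$digest" };
    char buf[16];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> status %d\n", samples[i], (int)md5_effective_setting(samples[i], buf, sizeof buf));
    return 0;
}
```

To validate a password, pass the derived setting and the plaintext to crypt(3), then compare its return value against the stored string with hash_equal.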