I had a chance to use it, so I am summarizing what I investigated. It seems that it uses Linux functions, so people who have used it in other languages will probably be able to use it in the same way.
There are two functions, crypt() and crypt_r(); crypt_r() is the reentrant version of crypt(). That is, crypt() is not thread-safe, while crypt_r() is thread-safe. I will explain each of the two functions after giving usage examples.
**Note:** The specifications of the crypt function vary depending on the OS, so if you want to know the exact details, read the manual using the `man 3 crypt` command.
The following content is for GNU / Linux (Ubuntu 18.0.4).
The prototype declaration is as follows.
```c
char *crypt(const char *key, const char *salt);
```
key is the string you want to hash.
salt is a character string used for hashing.
The return value is the hashed key if no id is specified; if an id is specified, it is (salt string) + "$" + (hashed key). (The id will be described later.)
crypt_test.c
```c
#include <crypt.h>
#include <stdio.h>
#include <string.h>

#define BUFSIZE 1024

int main(void) {
    char key[BUFSIZE] = "key";              // The string you want to hash
    char salt_origin[BUFSIZE] = "example";  // Salt string
    char salt[BUFSIZE + 4];                 // Room for the "$6$" prefix
    char encrypted[BUFSIZE];                // For storing the result

    // Build the salt and specify the id (described later)
    snprintf(salt, sizeof(salt), "$6$%s", salt_origin);

    char *result = crypt(key, salt);
    if (result == NULL) {                   // crypt() returns NULL on error
        perror("crypt");
        return 1;
    }
    // encrypted now holds the string "$6$example$(hashed key)"
    snprintf(encrypted, sizeof(encrypted), "%s", result);
    printf("%s\n", encrypted);
    return 0;
}
```
Add the -lcrypt option when compiling.
The prototype declaration is as follows.
```c
char *crypt_r(const char *key, const char *salt, struct crypt_data *data);
```
The crypt_data structure is defined in the crypt.h header file and is used to store the hash results.
Before the crypt_data structure is passed to crypt_r() for the first time, its initialized member variable must be set to 0. The keys after hashing are stored in the keysched member variable.
crypt_r_test.c
```c
#define _GNU_SOURCE  // Required to use crypt_r();
                     // must appear before any #include
#include <crypt.h>
#include <stdio.h>

#define BUFSIZE 1024

int main(void) {
    char key[BUFSIZE] = "key";              // The string you want to hash
    char salt_origin[BUFSIZE] = "example";  // Salt string
    char salt[BUFSIZE + 4];                 // Room for the "$5$" prefix
    struct crypt_data data;                 // Structure that stores the hash result
    data.initialized = 0;                   // Must be done before the first crypt_r() call

    // Specify the id (see below)
    snprintf(salt, sizeof(salt), "$5$%s", salt_origin);

    // Use the returned pointer rather than reading a struct member directly;
    // member names differ between libcrypt implementations.
    char *result = crypt_r(key, salt, &data);
    if (result == NULL) {                   // crypt_r() returns NULL on error
        perror("crypt_r");
        return 1;
    }
    // result points to the string "$5$example$(hashed key)"
    printf("%s\n", result);
    return 0;
}
```
Add the -lcrypt option when compiling.
To use the crypt_r() function, you need to **define the macro `#define _GNU_SOURCE`** before including any header files.
It is safe to write it at the beginning of the source code.
When using a header file defined by yourself, it is safe to write it immediately after the include guard.
The characters that can be specified in the salt string are `[a-zA-Z0-9./]`: lowercase letters, uppercase letters, digits, '.' and '/'.
By adjusting the format of the salt passed to the crypt function, you can **specify the hash algorithm**.
Format the salt as `$(id)$(salt string)$`.
id is a number that specifies the hash algorithm. (The hash algorithms will be described later.)
(By the way, the $ mark at the end of the salt string can be omitted.)
Example: `salt = "$5$example";`
In this example, SHA-256 is specified as the hash algorithm, and "example" is specified as the salt string.
If only a character string is passed without specifying an id, it will be hashed by the DES method.
- Correspondence table between id and hash algorithm

| id | Hash algorithm |
|---|---|
| 1 | MD5 |
| 2a | Blowfish (it may not be available depending on the OS) |
| 5 | SHA-256 |
| 6 | SHA-512 |

If not specified, it will be DES. DES is very vulnerable and is not recommended because it uses only 2 characters for the salt and only recognizes passwords of up to 8 characters.
- Number of characters in the hashed string

| Hash algorithm | Number of characters in the hashed string |
|---|---|
| MD5 | 22 characters |
| SHA-256 | 43 characters |
| SHA-512 | 86 characters |

- Number of characters in the salt
  - DES: Fixed to 2 characters (only the first 2 characters of the salt string are used; the characters after that are ignored)
  - MD5: Up to 8 characters (only the first 8 characters of the salt string are used; the characters after that are ignored)

Regarding the security of the hash algorithms: DES < MD5 < SHA-256 < SHA-512. The larger the id number, the higher the security.
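As an added example (not part of the original article), the following C function parses a string in the `$id$salt$hash` layout described above and checks it against the two tables, which is useful when auditing stored hashes for weak algorithms or malformed entries. The names `parse_crypt_string`, `crypt_info`, `TABLE` and `CHARS` are hypothetical, and the sample hash is constructed; the code does not call crypt(), so it needs no -lcrypt.

```c
#include <stdio.h>
#include <string.h>
/* Parsed form of one "$id$salt$hash" string as produced by crypt(). */
struct crypt_info {
    const char *algo;  /* algorithm name from the id table above */
    char salt[64];     /* text between the second and third '$' */
    int hash_len;      /* characters after the last '$' */
    int ok;            /* 1 if charset and hash length match the tables */
};

/* id -> algorithm and hash length, as listed in the tables on this page.
   Blowfish (2a) is left out: the page gives no length for it. */
static const struct { const char *id, *algo; int len; } TABLE[] = {
    {"1", "MD5", 22}, {"5", "SHA-256", 43}, {"6", "SHA-512", 86},
};
static const char CHARS[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";

/* Returns 0 and fills *out, or -1 when the string has no "$id$" prefix
   (DES) or an id outside TABLE. An optional "rounds=" field is not parsed. */
int parse_crypt_string(const char *s, struct crypt_info *out) {
    memset(out, 0, sizeof(*out));
    if (s[0] != '$') return -1;
    const char *id_end = strchr(s + 1, '$');
    const char *salt_end = id_end ? strchr(id_end + 1, '$') : NULL;
    if (!salt_end) return -1;
    size_t id_len = (size_t)(id_end - (s + 1));
    size_t salt_len = (size_t)(salt_end - (id_end + 1));
    if (salt_len >= sizeof(out->salt)) return -1;
    for (size_t i = 0; i < sizeof(TABLE) / sizeof(TABLE[0]); i++) {
        if (strlen(TABLE[i].id) != id_len || strncmp(s + 1, TABLE[i].id, id_len)) continue;
        memcpy(out->salt, id_end + 1, salt_len);   /* out->salt is already zeroed */
        out->algo = TABLE[i].algo;
        out->hash_len = (int)strlen(salt_end + 1);
        out->ok = strspn(out->salt, CHARS) == salt_len && out->hash_len == TABLE[i].len
               && strspn(salt_end + 1, CHARS) == (size_t)out->hash_len;
        return 0;
    }
    return -1;
}

int main(void) {
    char sample[128] = "$5$example$";   /* constructed sample, not a real hash */
    memset(sample + 11, 'a', 43);       /* 43 placeholder hash characters */
    struct crypt_info info;
    if (parse_crypt_string(sample, &info) == 0)
        printf("%s salt=%s hash_len=%d ok=%d\n", info.algo, info.salt, info.hash_len, info.ok);
    return 0;
}
```

An entry that returns -1 (no id, so DES) or reports MD5 is a candidate for re-hashing with a higher id.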
Don't forget the **-lcrypt option** when compiling.
Please point out any mistakes.