Method Crypto.Password.verify()


Method verify

int verify(string(8bit) password, string(7bit) hash)

Description

Verify a password against a hash.

This function attempts to support most common password hashing schemes.

Parameter password

Binary password. This is typically is typically a textual string normalized according to string_to_utf8(Unicode.normalize(raw_password, "NFC")), but some operating systems (eg MacOS X) may have other conventions.

Parameter hash

The hash can be on any of the following formats.

LDAP-style (RFC 2307) hashes:

"{SHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"

The XXX string is taken to be a MIME.encode_base64 SHA1 hash of the password. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/347.html.

"{SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

The XXX string is taken to be a MIME.encode_base64 string in which the first 20 chars are an SHA1 hash and the remaining chars the salt. The input for the hash is the password concatenated with the salt. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/347.html.

"{MD5}XXXXXXXXXXXXXXXXXXXXXXXX"

The XXX string is taken to be a MIME.encode_base64 MD5 hash of the password. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/418.html.

"{SMD5}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"

The XXX string is taken to be a MIME.encode_base64 string in which the first 16 chars are an MD5 hash and the remaining chars the salt. The input for the hash is the password concatenated with the salt. Source: OpenLDAP FAQ http://www.openldap.org/faq/data/cache/418.html.

"{CRYPT}XXXXXXXXXXXXX"

The XX string is taken to be a crypt(3C)-style hash. This is the same thing as passing the XXX string without any preceding method name within {...}. I.e. it's interpreted according to the crypt-style hashes below.

Crypt-style hashes:

"$6$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"

The string is interpreted according to the "Unix crypt using SHA-256 and SHA-512" standard Version 0.4 2008-4-3, where SSSSSSSSSSSSSSSS is up to 16 characters of salt, and the string XXX the result of SHA512.crypt_hash() with 5000 rounds. Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt

"$6$rounds=RR$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"

This is the same algorithm as the one above, but with the number of rounds specified by RR in decimal. Note that the number of rounds is clamped to be within 1000 and 999999999 (inclusive). Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt

"$5$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"

The string is interpreted according to the "Unix crypt using SHA-256 and SHA-512" standard Version 0.4 2008-4-3, where SSSSSSSSSSSSSSSS is up to 16 characters of salt, and the string XXX the result of SHA256.crypt_hash() with 5000 rounds. Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt

"$5$rounds=RR$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"

This is the same algorithm as the one above, but with the number of rounds specified by RR in decimal. Note that the number of rounds is clamped to be within 1000 and 999999999 (inclusive). Source: Unix crypt using SHA-256 and SHA-512 http://www.akkadia.org/drepper/SHA-crypt.txt

"$3$$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

This is interpreted as the NT LANMANAGER (NTLM) password hash. It is a hex representation of MD4 of the password.

"$1$SSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"

The string is interpreted according to the GNU libc2 extension of crypt(3C) where SSSSSSSS is up to 8 chars of salt and the XXX string is an MD5-based hash created from the password and the salt. Source: GNU libc http://www.gnu.org/software/libtool/manual/libc/crypt.html.

"$sha1$RRRRR$SSSSSSSS$XXXXXXXXXXXXXXXXXXXX"

The string is interpreted as a NetBSD-style SHA1.HMAC.crypt_hash() (aka crypt_sha1(3C)), where RRRRR is the number of rounds (default 480000), SSSSSSSS is a MIME.crypt64() encoded salt. and the XXX string is an SHA1.HMAC-based hash created from the password and the salt.

"$P$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"

The string is interpreted as a PHPass' Portable Hash password hash, where R is an encoding of the 2-logarithm of the number of rounds, SSSSSSSS is a salt of 8 characters, and XXX is similarily the MIME.encode_crypt64 of running MD5.hash() repeatedly on the password and the salt.

"$H$RSSSSSSSS.XXXXXXXXXXXXXXXXXXXXXX"

Same as "$P$" above. Used by phpBB3.

"U$P$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"

This is handled as a Drupal upgraded PHPass Portable Hash password. The password is run once through MD5.hash(), and then passed along to the "$P$"-handler above.

"$Q$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"

The string is interpreted as a PHPass' Portable Hash password hash, where the base hashing alorithm has been switched to SHA1. This method is apparently used by some versions of Escher CMS.

"$S$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"

The string is interpreted as a PHPass' Portable Hash password hash, where the base hashing alorithm has been switched to SHA256. This method is apparently used by some versions of Drupal.

"$pbkdf2$RRRRR$SSSSS$XXXXXXXXXXXXX"

The string is interpreted as SHA1.crypt_pbkdf2().

"$pbkdf2-sha256$RRRRR$SSSSS$XXXXXXXXXXXXX"

The string is interpreted as SHA256.crypt_pbkdf2().

"$pbkdf2-sha512$RRRRR$SSSSS$XXXXXXXXXXXXX"

The string is interpreted as SHA512.crypt_pbkdf2().

"pbkdf2_sha256$RRRRR$SSSSS$XXXXXXXXXXXXX"

The string is interpreted as the Django variant of SHA256.crypt_pbkdf2(). This differs from the standard variant ("$pbkdf2-sha256$") in that the hash is encoded with plain MIME.encode_base64() (ie including padding ('=') and plus ('+') characters).

"XXXXXXXXXXXXX"

The XXX string (which doesn't begin with "{") is taken to be a password hashed using the classic unix crypt(3C) function. If the string contains only chars from the set [a-zA-Z0-9./] it uses DES and the first two characters as salt, but other alternatives may be possible depending on the crypt(3C) implementation in the operating system.

""

The empty password hash matches all passwords.

Returns

Returns 1 on success, and 0 (zero) otherwise.

Note

This function was added in Pike 7.8.755.

See also

hash(), crypt()