pwencrypt - encrypt/hash password Unix-style


<pwencrypt $pass $salt>

The pwencrypt function generates a hashed Unix-style password for each cleartext password value of $pass. The corresponding value of $salt is used as the salt; if it is empty a random salt is generated. There must be one or more values of $pass and $salt; if fewer values of $salt exist than $pass, the last $salt value is re-used.

In version 7 and earlier, only DES was supported, and only the first 8 characters of the password and first 2 characters of the salt were used.

In version 8 and later, more secure hash methods were added: MD5, SHA-256, and SHA-512. These are indicated with a leading "$1$", "$5$", and "$6$" method id in the $salt value, respectively (as per Unix crypt()). (The method id "$0$" may also be given to indicate DES.) Additionally, for the SHA methods a "rounds=$N$$" parameter may follow the method id, to indicate how many rounds to perform (from 1000 through 999999999). The remainder of the value is used as the actual salt data (which will be randonly generated if the remainder is empty). The default method in version 8 and later is given by [Texis] Default Password Hash Method in conf/texis.ini, or SHA-512 if that is unset. The default number of rounds for SHA methods is given by [Texis] Default Password Hash Rounds, or 5000 if that is unset.

pwencrypt returns each $pass password, hashed Unix-style. A random salt is used if the $salt value (pass any initial method id and parameters) is empty.


<!-- $enpass is Unix /etc/passwd hashed password field; -->
<!-- $pass is user password                             -->
<pwencrypt $pass $enpass>
<IF $ret eq $enpass>
  Login ok.
  Bad login.

The pwencrypt function was added Oct. 25 1996.

encrypt, decrypt

Copyright © Thunderstone Software     Last updated: Jul 17 2021
Copyright © 2021 Thunderstone Software LLC. All rights reserved.