[C language] How to use the crypt function on Linux [Password hashing]

0. Introduction

I have a chance to use it and summarize what I have investigated. It seems that it uses Linux functions, so people who have used it in other languages will probably be able to use it in the same way.

My test environment Ubuntu 18.04.3 LTS Compiler gcc 7.4.0

There are two functions, the crypt () function and the crypt_r () function, but the crypt \ _r () function is the reentrant version of the crypt () function. That is, the crypt () function is not multithread safe, while the crypt_r () function is multithread safe. I will explain each of the two functions after giving usage examples.

** Note: ** The specifications of the crypt function vary depending on the OS, so if you want to know the exact contents, read the manual using the man 3 crypt command. The following content is for GNU / Linux (Ubuntu 18.0.4).

1. crypt () function

The prototype declaration is as follows. char *crypt(const char *key, const char *salt); key is the string you want to hash, salt is a character string used for hashing.

The return value is Hashed key, if id is not specified If id is specified, (salt string) + "$" + (hashed key). (The id will be described later.)

1.1 Example of using the crypt () function

crypt_test.c


#include<crypt.h>
#include<stdio.h>
#include<string.h>
#define BUFSIZE 1024

int main(void){
  char key[BUFSIZE] = "key"; //The string you want to hash
  char salt_origin[BUFSIZE] = "example"; //Salt string
  char salt[BUFSIZE]; 
  char encrypted[BUFSIZE]; //For storing results

  sprintf(salt, "$6$%s", salt_origin); //Salt shaping, id specification (described later)
  strcpy(encrypted, crypt(key, salt)); //The encrypted variable
                                       //String"$6$example$(Hashed key)"Is stored
  
  printf("%s\n", encrypted);
}

Add the -lcrypt option when compiling.

2. crypt_r () function

The prototype declaration is as follows. char *crypt_r(const char *key, const char *salt, struct crypt_data *data);

The crypt_data structure is defined in the crypt.h header file and is used to store the hash results.

Definition of crypt_data structure struct crypt_data { char keysched[16 * 8]; char sb0[32768]; char sb1[32768]; char sb2[32768]; char sb3[32768]; char crypt_3_buf[14]; char current_salt[2]; long int current_saltbits; int direction, initialized; };

Variables in the crypt_data structure must have their initialized member variables set to 0 before passing the structure variable in the first use of the crypt_r () function. The keys after hashing are stored in the keysched member variable.

2.1. Example of using the crypt_r () function

crypt_r_test.c


#define _GNU_SOURCE // crypt_r()To use the function, use this macro definition
                    //Must be listed before any file include
#include<crypt.h>
#include<stdio.h>

#define BUFSIZE 1024

int main(void){
  char key[BUFSIZE] = "key"; //The string you want to hash
  char salt_origin[BUFSIZE] = "example"; //Salt.
  char salt[BUFSIZE];

  struct crypt_data data; //Structure required for hash result storage
  data.initialized = 0; // crypt_r()Must be done before using the function.

  sprintf(salt, "$5$%s", salt_origin); //id specification((See below)

  crypt_r(key, salt, &data);
  printf("%s\n", data.keysched); //The keysched member variable
                                 //String"$5$example$(Hashed key)"Is stored
}

Add the -lcrypt option when compiling.

2.2. About \ _GNU \ _SOURCE

To use the crypt_r () function, you need to ** define the macro #define _GNU_SOURCE ** before including any header files. It is safe to write it at the beginning of the source code. When using a header file defined by yourself, it is safe to write it immediately after the include guard.

or Macro definition can also be done from the command line, so you can do it there. You can pass the option `-D [= value]` at compile time. For example, passing the option -DN = 2 at compile time has the same meaning as writing `#define N 2` in the source code. In this case, instead of writing `#define _GNU_SOURCE` at the beginning of the source code, you could add the option -D_GNU_SOURCE at compile time. If you use Makefile, this may be fine.

3. About salt

The characters that can be specified are [a-zA-Z0-9. /]. Lowercase alphabets, uppercase alphabets, numbers,'.' And'/'.

By adjusting the format of the salt passed to the crypt function, you can ** specify the hash algorithm **. Make salt like $ (id) $ (salt string) $. id is a number to specify the hash algorithm. (The hash algorithm will be described later) (By the way, the $ mark at the end of the salt string can be omitted.)

Example. salt =" $ 5 $ example "; In this example, the hash algorithm is specified by SHA-256, and "example" is specified as the salt character string.

If only a character string is passed without specifying an id, it will be hashed by the DES method.

3.1. salt id and hash algorithm

--Correspondence table between id and hash algorithm

id Hash algorithm
1 MD5
2a Blowfish(It may not be available depending on the OS)
5 SHA-256
6 SHA-512

If not specified, it will be DES. DES is very vulnerable and is not recommended because it uses only 2 characters for Salt and only recognizes passwords for up to 8 characters.

--Number of characters in the hashed string

Hash algorithm Number of characters in the hashed string
MD5 22 characters
SHA-256 43 characters
SHA-512 86 characters

--Number of characters in salt DES: Fixed to 2 characters (only the first 2 characters of the salt string are seen, the characters after that are ignored) MD5: Up to 8 characters (see only the first 8 characters of the salt string, the characters after that are ignored)

About the security of the hash algorithm DES<MD5<SHA-256<SHA-512 And, the larger the id number, the higher the safety.

4. At the end

Don't forget the ** -lcrypt option ** when compiling.

Please point out any mistakes.

5. Reference

https://linuxjm.osdn.jp/html/LDP_man-pages/man3/crypt.3.html https://blog.amedama.jp/entry/unix-crypt-3

Recommended Posts

[C language] How to use the crypt function on Linux [Password hashing]
How to use C216 Audio Controller on Arch Linux
How to use the zip function
[Linux] How to use the echo command
How to use the C library in Python
(Remember quickly) How to use the LINUX command line
[Tips] How to use iPhone as webcam on Linux
How to use the decorator
How to limit the API to be published in the C language shared library of Linux
How to use GitHub on a multi-person server without a password
[Hyperledger Iroha] Notes on how to use the Python SDK
Add Linux user, how to use useradd command (password specification)
Notes on how to use marshmallow in the schema library
[Linux] [C / C ++] How to get the return address value of a function and the function name of the caller
How to use the optparse module
How to use Dataiku on Windows
Notes on how to use pywinauto
How to install VMware-Tools on Linux
How to use homebrew on Debian
How to use computer language slowly 2
How to use python zip function
Notes on how to use doctest
How to use computer language slowly
How to use the ConfigParser module
[Python] Explains how to use the format function with an example
How to use the render function defined in .mako (.html) directly in mako
How to use the Spark ML pipeline
How to install aws-session-manager-plugin on Manajro Linux
How to use mecab, neologd-ipadic on colab
How to use Google Test in C
[python] How to use __command__, function explanation
I want to use Linux on mac
How to update php on Amazon linux 2
How to use Google Assistant on Windows 10
How to display emoji on Manjaro Linux
Memorandum on how to use gremlin python
How to install Anisble on Amazon Linux 2
How to operate Linux from the console
How to update security on CentOS Linux 8
How to use the IPython debugger (ipdb)
How to find large files on Linux
From the introduction of GoogleCloudPlatform Natural Language API to how to use it
[Python] Explains how to use the range function with a concrete example
[Python] How to use the enumerate function (extract the index number and element)
How to use MkDocs for the first time
How to use Python Kivy ④ ~ Execution on Android ~
How to access the contents of a Linux disk on a Mac (but read-only)
How to use the graph drawing library Bokeh
How to use the Google Cloud Translation API
How to use the NHK program guide API
[Algorithm x Python] How to use the list
[Python] How to use hash function and tuple.
How to install Camunda Modeler on Manjaro Linux
How to build Java environment on Ubuntu (Linux)
On Linux (Ubuntu), tune the Trackpad and set the function to a three-finger swipe
I want to use the activation function Mish
linux / c> link> Get the execution result of the shell command in the C program> I was taught how to use popen ()
How to display the modification date of a file in C language up to nanoseconds
Think about how to program Python on the iPad
How to put Takoyaki Oishikunaru on the segment tree
Beginners! Basic Linux commands and how to use them!