| blob | f963e0778a819a7626c678958e115000e490d8de |
1 .\" $NetBSD: pwhash.1,v 1.6 2009/10/15 23:12:53 hubertf Exp $
2 .\" $OpenBSD: encrypt.1,v 1.16 2000/11/09 17:52:07 aaron Exp $
3 .\"
4 .\" Copyright (c) 1996, Jason Downs. All rights reserved.
5 .\"
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
8 .\" are met:
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\"
15 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
16 .\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 .\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 .\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
19 .\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 .\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 .\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22 .\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" SUCH DAMAGE.
26 .\"
27 .Dd October 16, 2009
28 .Dt PWHASH 1
29 .Os
30 .Sh NAME
31 .Nm pwhash
32 .Nd hashes passwords from the command line or standard input
33 .Sh SYNOPSIS
34 .Nm pwhash
35 .Op Fl km
36 .Op Fl b Ar rounds
37 .Op Fl S Ar rounds
38 .Op Fl s Ar salt
39 .Op Fl p | Ar string
40 .Sh DESCRIPTION
41 .Nm
42 prints the encrypted form of
43 .Ar string
44 to the standard output.
45 This is mostly useful for encrypting passwords from within scripts.
46 .Pp
47 The options are as follows:
48 .Bl -tag -width Ds
49 .It Fl b Ar rounds
50 Encrypt the string using Blowfish hashing with the specified
51 .Ar rounds .
52 .It Fl k
53 Run in
54 .Xr makekey 8
55 compatible mode.
56 A single combined key (eight chars) and salt (two chars) with no
57 intermediate space are read from standard input and the DES encrypted
58 result is written to standard output without a terminating newline.
59 .It Fl m
60 Encrypt the string using MD5.
61 .It Fl p
62 Prompt for a single string with echo turned off.
63 .It Fl S Ar rounds
64 Encrypt the salt with HMAC-SHA1 using the password as key and the specified
65 .Ar rounds
66 as a hint for the number of iterations.
67 .It Fl s Ar salt
68 Encrypt the string using DES, with the specified
69 .Ar salt .
70 .El
71 .Pp
72 If no
73 .Ar string
74 is specified,
75 .Nm
76 reads one string per line from standard input, encrypting each one
77 with the chosen algorithm from above.
78 In the event that no specific algorithm is given as a command line option,
79 the algorithm specified in the default class in
80 .Pa /etc/passwd.conf
81 will be used.
82 .Pp
83 For MD5 and Blowfish a new random salt is automatically generated for each
84 password.
85 .Pp
86 Specifying the
87 .Ar string
88 on the command line should be discouraged; using the
89 standard input is more secure.
90 .Sh FILES
91 .Bl -tag -width /etc/passwd.conf -compact
92 .It Pa /etc/passwd.conf
93 .El
94 .Sh SEE ALSO
95 .Xr crypt 3 ,
96 .Xr passwd.conf 5