b302373f87
available via MKARGON2=yes (3 variants supported; argon2id recommended) before using, please read argon2 paper at https://github.com/P-H-C/phc-winner-argon2
124 lines
3.8 KiB
Groff
124 lines
3.8 KiB
Groff
.\" $NetBSD: pwhash.1,v 1.9 2019/10/21 02:36:48 jhigh Exp $
|
|
.\" $OpenBSD: encrypt.1,v 1.16 2000/11/09 17:52:07 aaron Exp $
|
|
.\"
|
|
.\" Copyright (c) 1996, Jason Downs. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
|
|
.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
|
|
.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.Dd May 24, 2016
|
|
.Dt PWHASH 1
|
|
.Os
|
|
.Sh NAME
|
|
.Nm pwhash
|
|
.Nd hashes passwords from the command line or standard input
|
|
.Sh SYNOPSIS
|
|
.Nm pwhash
|
|
.Op Fl km
|
|
.Op Fl A Ar variant[,params]
|
|
.Op Fl b Ar rounds
|
|
.Op Fl S Ar rounds
|
|
.Op Fl s Ar salt
|
|
.Op Fl p | Ar string
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
prints the encrypted form of
|
|
.Ar string
|
|
to the standard output.
|
|
This is mostly useful for encrypting passwords from within scripts.
|
|
.Pp
|
|
The options are as follows:
|
|
.Bl -tag -width Ds
|
|
.It Fl b Ar rounds
|
|
Encrypt the string using Blowfish hashing with the specified
|
|
.Ar rounds .
|
|
.It Fl k
|
|
Run in
|
|
.Xr makekey 8
|
|
compatible mode.
|
|
A single combined key (eight chars) and salt (two chars) with no
|
|
intermediate space are read from standard input and the DES encrypted
|
|
result is written to standard output without a terminating newline.
|
|
.It Fl m
|
|
Hash the string using MD5.
|
|
.It Fl p
|
|
Prompt for a single string with echo turned off.
|
|
.It Fl S Ar rounds
|
|
Encrypt the salt with HMAC-SHA1 using the password as key and the specified
|
|
.Ar rounds
|
|
as a hint for the number of iterations.
|
|
.It Fl A Ar variant[,params]
|
|
Encrypt the specified string using Argon2 hashing parameterized using
|
|
variant
|
|
.Ar variant ,
|
|
where
|
|
.Ar variant
|
|
is one of the following: argon2id, argon2i, argon2d. Variant
|
|
.Ar argon2id
|
|
is recommended.
|
|
|
|
Following the required
|
|
.Ar variant
|
|
name, three optional comma-delimited parameters may be provided,
|
|
|
|
t=n Specify the number of iterations to n. The default is 3.
|
|
|
|
m=n Specify the memory usage in KB to n. The default is 4096.
|
|
|
|
p=n Specify the number of threads to n. The default is 1.
|
|
|
|
.It Fl s Ar salt
|
|
Encrypt the string using DES, with the specified
|
|
.Ar salt .
|
|
.El
|
|
.Pp
|
|
If no
|
|
.Ar string
|
|
is specified,
|
|
.Nm
|
|
reads one string per line from standard input, encrypting each one
|
|
with the chosen algorithm from above.
|
|
In the event that no specific algorithm is given as a command line option,
|
|
the algorithm specified in the default class in
|
|
.Pa /etc/passwd.conf
|
|
will be used.
|
|
.Pp
|
|
For MD5, Blowfish, and Argon2 a new random salt is automatically generated for each
|
|
password.
|
|
.Pp
|
|
Specifying the
|
|
.Ar string
|
|
on the command line should be discouraged; using the
|
|
standard input is more secure.
|
|
.Sh EXAMPLES
|
|
The following specifies the argon2id variant, using 1 thread and 4096KB of memory
|
|
|
|
pwhash -A argon2id,p=1,m=4096 -p
|
|
|
|
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/passwd.conf -compact
|
|
.It Pa /etc/passwd.conf
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr crypt 3 ,
|
|
.Xr passwd.conf 5
|