A few points that need caution when using crypt() in C

While using this function, there’s a lot that’s mentioned in the manual but hard to find.

From manual:

#define _XOPEN_SOURCE        /* See feature_test_macros(7) */
#include <unistd.h>

char *crypt(const char *key, const char *salt);

#define _GNU_SOURCE          /* See feature_test_macros(7) */
#include <crypt.h>

char *crypt_r(const char *key, const char *salt,
              struct crypt_data *data);

Link with -lcrypt.

However:

The return value points to static data whose content
is overwritten by each call.
This means a strdup or similar copy is necessary if one wants to preserve the value and still use the previous result after another crypt() call.

Also, it is not in the manual that using an encrypted string as salt means the new string is encrypted with the same salt that was used for the original. The reason is that the output string carries its own salt at its beginning. The manual mentions nothing about how the check works, but it works here. So I looked for the source code in the C POSIX library (from here: https://code.woboq.org/userspace/glibc/crypt/crypt-entry.c.html#crypt):
char *
crypt (const char *key, const char *salt)
{
#ifdef _LIBC
  /* Try to find out whether we have to use MD5 encryption replacement.  */
  if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0
      /* Let __crypt_r deal with the error code if FIPS is enabled.  */
      && !fips_enabled_p ())
    return __md5_crypt (key, salt);

  /* Try to find out whether we have to use SHA256 encryption replacement.  */
  if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0)
    return __sha256_crypt (key, salt);

  /* Try to find out whether we have to use SHA512 encryption replacement.  */
  if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0)
    return __sha512_crypt (key, salt);
#endif

  return __crypt_r (key, salt, &_ufc_foobar);
}

It seems to be smarter than I expected and can even determine which way to encrypt according to the salt…
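The prefix check in the excerpt above, extended into an added example (not glibc's code and not from the original post): it extracts the leading part of a stored hash that crypt() reads when the whole hash is passed as the salt argument. The prefix strings "$1$", "$5$" and "$6$", the salt length limits and the optional "rounds=" field are the usual glibc conventions and are not shown on this page; the name crypt_setting is hypothetical and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Prefixes glibc's crypt() checks for, with each scheme's maximum salt length. */
struct scheme { const char *prefix, *name; size_t salt_max; int rounds_ok; };
static const struct scheme schemes[] = {
    { "$1$", "MD5",      8, 0 },
    { "$5$", "SHA-256", 16, 1 },
    { "$6$", "SHA-512", 16, 1 },
};

/* Copy into `out` the leading part of `hash` that crypt() reads when `hash`
   is passed as its salt argument. Returns the scheme name, or NULL if `out`
   is too small or the string is too short to contain a salt. */
const char *crypt_setting(const char *hash, char *out, size_t outlen)
{
    size_t total = 2;              /* traditional DES: first two characters */
    const char *name = "DES";
    for (size_t i = 0; i < sizeof schemes / sizeof schemes[0]; i++) {
        size_t plen = strlen(schemes[i].prefix);
        if (strncmp(hash, schemes[i].prefix, plen) != 0)
            continue;
        const char *p = hash + plen;
        /* Optional SHA-crypt "rounds=N$" field (simplified: N is not validated). */
        if (schemes[i].rounds_ok && strncmp(p, "rounds=", 7) == 0 && strchr(p, '$'))
            p = strchr(p, '$') + 1;
        size_t slen = strcspn(p, "$");   /* salt ends at the next '$' */
        if (slen > schemes[i].salt_max)
            slen = schemes[i].salt_max;
        total = (size_t)(p - hash) + slen;
        name = schemes[i].name;
        break;
    }
    if (strlen(hash) < total || total + 1 > outlen)
        return NULL;
    memcpy(out, hash, total);
    out[total] = '\0';
    return name;
}

int main(void)
{
    /* Constructed sample strings; the digest parts are placeholders. */
    const char *samples[] = { "$6$saltsalt$DIGEST", "$5$rounds=5000$abcdefgh$DIGEST",
                              "$1$123456789abc$DIGEST", "abDIGESTDIGEST" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s %s\n", crypt_setting(samples[i], buf, sizeof buf), buf);
}
```

Everything after the extracted part is ignored by crypt(), which is why comparing crypt(candidate, stored_hash) against stored_hash works as a password check.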

2017/6/13