(index ("crypt" 0) ("crypt-gensalt" 1055) ("crypt-default-implementation" 2335) ("crypt-default-random-u8vector" 2719) ("crypt-prefix->type" 3400) ("crypt-maximum-random-u8vector" 4014) ("crypt-blowfish-gensalt" 4445) ("crypt-blowfish-default-logrounds" 5150) ("crypt-sha512-gensalt" 5602) ("crypt-sha512-default-rounds" 6225) ("crypt-sha256-gensalt" 6509) ("crypt-sha256-default-rounds" 7132) ("crypt-md5-gensalt" 7416) ("crypt-des-extended-gensalt" 7803) ("crypt-des-extended-default-rounds" 8580) ("crypt-des-gensalt" 8814))
(def (sig (procedure "(crypt plaintext-password [salt-or-hash])" (id crypt))) (p "This procedure returns the hashed version of the string " (tt "plaintext-password") " based on the settings provided by the string " (tt "salt-or-hash") " (typically this argument is called \"" (tt "setting") "\" in most POSIX documentation).  If " (tt "salt-or-hash") " is not provided or " (tt "#f") ", a salt will automatically be generated by calling " (tt "(crypt-gensalt)") " with no arguments.") (p "This means this procedure can be used in two ways: the first is to generate a hash for a new password and the second is to validate a password against a previously generated hash.") (p "The return value of this procedure can be stored and later used as a " (tt "salt-or-hash") " value in subsequent calls to this procedure to validate a user-supplied password; it is a string that contains the salt and algorithm specifications as a prefix of the hash.  For more info about why this works, see the \"" (int-link "#background-info" "Background Info") "\" section."))
(def (sig (procedure "(crypt-gensalt #!key type random)" (id crypt-gensalt))) (p "This procedure can be used to obtain a string you can pass to the " (tt "crypt") " procedure as the " (tt "salt-or-hash") " argument.  The string generally starts with a dollar-sign followed by an algorithm specifier, followed by the salt.  For more specific info about the format of this string, see the \"" (int-link "#background-info" "Background Info") "\" section.") (p "The " (tt "type") " argument selects the algorithm type to use.  It can currently be one of the following symbols: " (tt "blowfish") ", " (tt "sha512") ", " (tt "sha256") ", " (tt "md5") ", " (tt "des-extended") " or " (tt "des") ".  If not supplied or " (tt "#f") ", the value of " (tt "(crypt-default-implementation)") " is used.") (p "The " (tt "random") " argument can be used to supply a stronger randomization procedure.  It should be a procedure that accepts two integers (a minimum and a maximum) and returns an u8vector with random values. The u8vector must have a length between the minimum and the maximum, both inclusive.  The maximum can be " (tt "#f") " when there is no upper bound.  If " (tt "random") " is not supplied or " (tt "#f") ", the value of " (tt "(crypt-default-random-u8vector)") " is used."))
(def (sig (parameter "(crypt-default-implementation [type])" (id crypt-default-implementation))) (p "The default implementation specifier to put in newly generated salt strings.  Can be any symbol accepted by " (tt "crypt-gensalt") ".  It will always default to the strongest algorithm that was current at the time the egg was last updated.  Currently that is " (tt "blowfish") "."))
(def (sig (parameter "(crypt-default-random-u8vector [proc])" (id crypt-default-random-u8vector))) (p "The default implementation to use by " (tt "crypt-gensalt") " as a source of randomly-filled u8vectors.  This procedure should accept two integer arguments; a minimum and a maximum length for the u8vector to return. The maximum may also be " (tt "#f") " if there is no upper bound.") (p "Defaults to " (tt "crypt-maximum-random-u8vector") ".  If security is very important, you should probably override it, because the default " (int-link "/man/4/Unit extras#random" "random") " procedure provided by Chicken is not very strong, and is even extremely weak on some platforms."))
(def (sig (procedure "(crypt-prefix->type prefix)" (id crypt-prefix->type))) (p "Given a " (tt "prefix") " string (which may also be a complete salted hash string), determine what algorithm type it specifies.") (p "Note that because the historical UNIX crypt() had no prefix at all, " (tt "'des") " will be returned for arbitrary strings that don't start with a dollar, even if they're not actually proper DES strings!") (p "Example:") (highlight scheme "(crypt-prefix->type \"$1$\") => 'md5\n(crypt-prefix->type \"whatever\") => 'des\n(crypt-prefix->type \"$nonexistant$\") => ERROR: Unknown crypt prefix type"))
(def (sig (procedure "(crypt-maximum-random-u8vector min max)" (id crypt-maximum-random-u8vector))) (p "The initial value of " (tt "crypt-default-random-u8vector") ".  This procedure simply calls Chicken's built-in " (int-link "/man/4/Unit extras#random" "random") " to get enough values between 0 and 255 to fill the u8vector.  It will use the maximum length if available, otherwise the minimum length (this may change later)."))
(def (sig (procedure "(crypt-blowfish-gensalt random #!key logrounds)" (id crypt-blowfish-gensalt))) (p "Generates a salt string for the Blowfish-based crypt() implementation as introduced by Niels Provos and David Mazières in OpenBSD. This is sometimes referred to as " (tt "bcrypt") ".") (p (tt "logrounds") " is the 2-based logarithm of the number of iterations to run the EksBlowfish algorithm.  If not specified or " (tt "#f") " it defaults to the value of " (tt "crypt-blowfish-default-logrounds") ".") (p (tt "random") " is a procedure that returns a randomly filled u8vector. See the documentation on " (tt "crypt-default-random-u8vector") " and " (tt "crypt-gensalt") " for more information."))
(def (sig (parameter "(crypt-blowfish-default-logrounds logrounds)" (id crypt-blowfish-default-logrounds))) (p "The default value for " (tt "crypt-blowfish-gensalt") "'s " (tt "logrounds") " argument.  This is the 2-based logarithm of the number of rounds, so the number 10 indicates 1024 iterations of the blowfish encryption algorithm should be run.") (p "Currently it is set to 12 by default, but this value should grow as computing power grows."))
(def (sig (procedure "(crypt-sha512-gensalt random #!key rounds)" (id crypt-sha512-gensalt))) (p "Generates a salt string for the SHA-512 variant of the SHA-2-based crypt() implementation as introduced into GNU libc by Ulrich Drepper of Red Hat.") (p (tt "rounds") " is the number of iterations to run the SHA-2 algorithm.  If not specified or " (tt "#f") " it defaults to the value of " (tt "crypt-sha512-default-rounds") ".") (p (tt "random") " is a procedure that returns a randomly filled u8vector. See the documentation on " (tt "crypt-default-random-u8vector") " and " (tt "crypt-gensalt") " for more information."))
(def (sig (parameter "(crypt-sha512-default-rounds [rounds])" (id crypt-sha512-default-rounds))) (p "The default value for " (tt "crypt-sha512-gensalt") "'s " (tt "rounds") " argument. Currently defaults to 5000, but should be tweaked to compensate for increasing computing power."))
(def (sig (procedure "(crypt-sha256-gensalt random #!key rounds)" (id crypt-sha256-gensalt))) (p "Generates a salt string for the SHA-256 variant of the SHA-2-based crypt() implementation as introduced into GNU libc by Ulrich Drepper of Red Hat.") (p (tt "rounds") " is the number of iterations to run the SHA-2 algorithm.  If not specified or " (tt "#f") " it defaults to the value of " (tt "crypt-sha256-default-rounds") ".") (p (tt "random") " is a procedure that returns a randomly filled u8vector. See the documentation on " (tt "crypt-default-random-u8vector") " and " (tt "crypt-gensalt") " for more information."))
(def (sig (parameter "(crypt-sha256-default-rounds [rounds])" (id crypt-sha256-default-rounds))) (p "The default value for " (tt "crypt-sha256-gensalt") "'s " (tt "rounds") " argument. Currently defaults to 5000, but should be tweaked to compensate for increasing computing power."))
(def (sig (procedure "(crypt-md5-gensalt random)" (id crypt-md5-gensalt))) (p "Generates a salt string for the MD5-based crypt() implementation as introduced by Paul Hennig-Kamp in FreeBSD.") (p (tt "random") " is a procedure that returns a randomly filled u8vector. See the documentation on " (tt "crypt-default-random-u8vector") " and " (tt "crypt-gensalt") " for more information."))
(def (sig (procedure "(crypt-des-extended-gensalt random #!key rounds)" (id crypt-des-extended-gensalt))) (p "Generates a salt string for the extended DES-based crypt() implementation as introduced by BSDi.") (p (tt "rounds") " is the number of iterations to run the DES algorithm.  If not specified or " (tt "#f") " it defaults to the value of " (tt "crypt-des-extended-default-rounds") ". " (b "Important note") ": DES has specific weaknesses that makes it easier to detect weak keys when it is run for an even number of rounds, so it's important to specify an odd number here.") (p (tt "random") " is a procedure that returns a randomly filled u8vector. See the documentation on " (tt "crypt-default-random-u8vector") " and " (tt "crypt-gensalt") " for more information."))
(def (sig (parameter "(crypt-des-extended-default-rounds [rounds])" (id crypt-des-extended-default-rounds))) (p "The default value for " (tt "crypt-des-extended-gensalt") "'s " (tt "rounds") " argument.  Currently defaults to 725."))
(def (sig (procedure "(crypt-des-gensalt random)" (id crypt-des-gensalt))) (p "Generates a salt string for the original UNIX DES-based crypt() implementation.  " (tt "random") " is a procedure that returns a randomly filled u8vector.  See the documentation on " (tt "crypt-default-random-u8vector") " and " (tt "crypt-gensalt") " for more information."))
