crypt

Hash password according to salt

It's a D version of the standard crypt(3) function https://www.freebsd.org/cgi/man.cgi?crypt%283%29

It's recommended that salt be generated using one of the provided genSalt() functions. (E.g., SHA512Crypt.genSalt())

Overloads are provided that allow writing to a given output range, or using a pre-parsed salt string (see passwd.util.cryptSplit()), or optionally only writing the encoded digest (without the salt). Most users won't need them.

Note: crypt(3) allows algorithms to sanitise the salt string, so the output isn't guaranteed to be the input salt string concatenated with the encoded digest, unless the salt string was generated correctly by (for example) the provided genSalt() functions.

  1. char[] crypt(const(char)[] password, const(char)[] salt)
  2. void crypt(const(char)[] password, Out output, const(char)[] salt, Flag!"writeSalt" write_salt)
    @safe
    void
    crypt
    (
    Out
    )
    (
    const(char)[] password
    ,
    ref Out output
    ,
    const(char)[] salt
    ,
    Flag!"writeSalt" write_salt = Yes.writeSalt
    )
    if (
    isOutputRange!(Out, char)
    )
  3. void crypt(const(char)[] password, Out output, const(CryptPieces) salt_data, Flag!"writeSalt" write_salt)

Examples

const salt = SHA512Crypt.genSalt();
// Result looks something like "$6$/CrouvED7qMJ/IbD"
auto crypted = "hunter2".crypt(salt);
// Result looks something like "$6$/CrouvED7qMJ/IbD$w2auDz2o61BBLowCbYbO.AIsM5XxSPME3PW2b7P.3qamDP5v4aSwyBPLDKolI/rBjTTGDIhUfUsszNv/DOy0B."

// crypt(3)ed passwords can be erased from memory after use if you are paranoid
secureWipe(crypted);
import std.algorithm.searching : all;
assert (crypted.all!"a == 0");

Meta