autodoc.git / traditional_manual / chapter_21.html

version» Context lines:

autodoc.git/traditional_manual/chapter_21.html:161:   <hr />   <dl class='group--doc'>   <dt class='head--type'><span class='homogen--type'>Method</span>   <span class='homogen--name'><b>verify</b></span>   </dt>   <dd><p><code><code class='datatype'>int</code> <b><span class='method'>verify</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>password</code>, <code class='datatype'>string(7bit)</code> <code class='argument'>hash</code><b>)</b></code></p></dd>      <dt class='head--doc'>Description</dt>   <dd class='body--doc'><p>Verify a password against a hash.</p>   <p> This function attempts to support most common -  password hashing schemes. The <code>hash</code> can be on any -  of the following formats.</p> +  password hashing schemes.</p> + </dd> + <dt class='head--doc'><span id='p-password'></span>Parameter <code class='parameter'>password</code></dt> + <dd></dd><dd class='body--doc'><p>Binary password. This is typically is typically a textual +  string normalized according to +  <code class='expr'>string_to_utf8(Unicode.normalize(raw_password,&nbsp;"NFC"))</code>, +  but some operating systems (eg MacOS X) may have other +  conventions.</p> + </dd> + <dt class='head--doc'><span id='p-hash'></span>Parameter <code class='parameter'>hash</code></dt> + <dd></dd><dd class='body--doc'><p>The <code>hash</code> can be on any of the following formats.</p>   <p> LDAP-style (<b><a href='http://pike.lysator.liu.se/rfc2307.xml'>RFC 2307</a></b>) hashes:</p>   <table class='box'><tr><td><code><code class='key'>"{SHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XXX</code> string is taken to be a <code>MIME.encode_base64</code>    <code>SHA1</code> hash of the password. Source: OpenLDAP FAQ    <a href='http://www.openldap.org/faq/data/cache/347.html'>http://www.openldap.org/faq/data/cache/347.html</a>.</p>   </td></tr>   <tr><td><code><code class='key'>"{SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XXX</code> string is taken to be a <code>MIME.encode_base64</code>    string in which the first 20 chars are an <code>SHA1</code> hash and the    remaining chars the salt. The input for the hash is the password    concatenated with the salt. Source: OpenLDAP FAQ    <a href='http://www.openldap.org/faq/data/cache/347.html'>http://www.openldap.org/faq/data/cache/347.html</a>.</p>
autodoc.git/traditional_manual/chapter_21.html:256:    along to the <code class='expr'>"$P$"</code>-handler above.</p>   </td></tr>   <tr><td><code><code class='key'>"$Q$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as a PHPass' Portable Hash password hash,    where the base hashing alorithm has been switched to <code>SHA1</code>.    This method is apparently used by some versions of Escher CMS.</p>   </td></tr>   <tr><td><code><code class='key'>"$S$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as a PHPass' Portable Hash password hash,    where the base hashing alorithm has been switched to <code>SHA256</code>.    This method is apparently used by some versions of Drupal.</p>   </td></tr> + <tr><td><code><code class='key'>"$pbkdf2$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as <code>SHA1.crypt_pbkdf2()</code>.</p> + </td></tr> + <tr><td><code><code class='key'>"$pbkdf2-sha256$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as <code>SHA256.crypt_pbkdf2()</code>.</p> + </td></tr> + <tr><td><code><code class='key'>"$pbkdf2-sha512$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as <code>SHA512.crypt_pbkdf2()</code>.</p> + </td></tr> + <tr><td><code><code class='key'>"pbkdf2_sha256$RRRRR$SSSSS$XXXXXXXXXXXXX"</code></code></td><td><p>The string is interpreted as the Django variant of +  <code>SHA256.crypt_pbkdf2()</code>. This differs from the standard +  variant (<code class='expr'>"$pbkdf2-sha256$"</code>) in that the hash is +  encoded with plain <code>MIME.encode_base64()</code> (ie including +  padding (<code class='expr'>'='</code>) and plus (<code class='expr'>'+'</code>) characters).</p> + </td></tr>   <tr><td><code><code class='key'>"XXXXXXXXXXXXX"</code></code></td><td><p>The <code class='expr'>XXX</code> string (which doesn't begin with <code class='expr'>"{"</code>) is    taken to be a password hashed using the classic unix    <code class='expr'>crypt(3C)</code> function. If the string contains only chars    from the set <code class='expr'>[a-zA-Z0-9./]</code> it uses DES and the first two    characters as salt, but other alternatives may be possible    depending on the <code class='expr'>crypt(3C)</code> implementation in the    operating system.</p>   </td></tr>   <tr><td><code><code class='key'>""</code></code></td><td><p>The empty password hash matches all passwords.</p>   </td></tr>
autodoc.git/traditional_manual/chapter_21.html:5259:   <dt class='head--doc'>Description</dt>   <dd class='body--doc'><p>Returns the crypto block size, in bytes, or zero if not yet set.</p>   </dd></dl>         <hr />   <dl class='group--doc'>   <dt class='head--type'><span class='homogen--type'>Method</span>   <span class='homogen--name'><b>crypt</b></span>   </dt> - <dd><p><code><code class='datatype'>string(8bit)</code> <b><span class='method'>crypt</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>s</code><b>)</b></code></p></dd> + <dd><p><code><code class='datatype'>string(8bit)</code>|<code class='datatype'>zero</code> <b><span class='method'>crypt</span>(</b><code class='datatype'>string(8bit)</code> <code class='argument'>s</code><b>)</b></code></p></dd>      <dt class='head--doc'>Description</dt>   <dd class='body--doc'><p>Encrypt or decrypt depending on set mode.</p>   </dd>   <dt class='head--doc'>See also</dt>   <dd class='body--doc'><p><code>set_encrypt_key</code>, <code>set_decrypt_key</code></p>   </dd></dl>         <hr />