xref: /netbsd-src/usr.bin/pwhash/pwhash.1 (revision ce099b40997c43048fb78bd578195f81d2456523) 
1.\"	$NetBSD: pwhash.1,v 1.5 2004/11/17 14:57:48 wiz Exp $
2.\"	$OpenBSD: encrypt.1,v 1.16 2000/11/09 17:52:07 aaron Exp $
3.\"
4.\" Copyright (c) 1996, Jason Downs.  All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
16.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18.\" DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
19.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
27.Dd October 12, 2004
28.Dt PWHASH 1
29.Os
30.Sh NAME
31.Nm pwhash
32.Nd hashes passwords from the command line or standard input
33.Sh SYNOPSIS
34.Nm pwhash
35.Op Fl km
36.Op Fl b Ar rounds
37.Op Fl S Ar rounds
38.Op Fl s Ar salt
39.Op Fl p | Ar string
40.Sh DESCRIPTION
41.Nm
42prints the encrypted form of
43.Ar string
44to the standard output.
45This is mostly useful for encrypting passwords from within scripts.
46.Pp
47The options are as follows:
48.Bl -tag -width Ds
49.It Fl b Ar rounds
50Encrypt the string using Blowfish hashing with the specified
51.Ar rounds .
52.It Fl k
53Run in
54.Xr makekey 8
55compatible mode; a single combined key and salt are read from standard
56input and the DES encrypted result is written to standard output without a
57terminating newline.
58.It Fl m
59Encrypt the string using MD5.
60.It Fl p
61Prompt for a single string with echo turned off.
62.It Fl S Ar rounds
63Encrypt the salt with HMAC-SHA1 using the password as key and the specified
64.Ar rounds
65as a hint for the number of iterations.
66.It Fl s Ar salt
67Encrypt the string using DES, with the specified
68.Ar salt .
69.El
70.Pp
71If no
72.Ar string
73is specified,
74.Nm
75reads one string per line from standard input, encrypting each one
76with the chosen algorithm from above.
77In the event that no specific algorithm is given as a command line option,
78the algorithm specified in the default class in
79.Pa /etc/passwd.conf
80will be used.
81.Pp
82For MD5 and Blowfish a new random salt is automatically generated for each
83password.
84.Pp
85Specifying the
86.Ar string
87on the command line should be discouraged; using the
88standard input is more secure.
89.Sh FILES
90.Bl -tag -width /etc/passwd.conf -compact
91.It Pa /etc/passwd.conf
92.El
93.Sh SEE ALSO
94.Xr crypt 3 ,
95.Xr passwd.conf 5
96