libcrypt is the password hashing library, and libcrypto is a completely different library (OpenSSL cryptography library). While the encrypt() function can "encrypt" things, it uses a broken algorithm so let's not call libcrypt an "encryption" library at all. In crypt.3, also replace "encrypt" with "hash" except several places where it really means "encrypt". Signed-off-by: Xi Ruoyao <xry111@xxxxxxxxxxx> --- man3/crypt.3 | 30 +++++++++++++++--------------- man3/encrypt.3 | 4 ++-- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/man3/crypt.3 b/man3/crypt.3 index 1f3e4792e..57027ed5d 100644 --- a/man3/crypt.3 +++ b/man3/crypt.3 @@ -17,10 +17,10 @@ .\" .TH crypt 3 (date) "Linux man-pages (unreleased)" .SH NAME -crypt, crypt_r \- password and data encryption +crypt, crypt_r \- password hashing .SH LIBRARY -Encryption and decryption library -.RI ( libcrypto ", " \-lcrypto ) +Password hashing library +.RI ( libcrypt ", " \-lcrypt ) .SH SYNOPSIS .nf .B #include <unistd.h> @@ -52,7 +52,7 @@ Feature Test Macro Requirements for glibc (see .fi .SH DESCRIPTION .BR crypt () -is the password encryption function. +is the password hashing function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search. @@ -72,7 +72,7 @@ a 56-bit key is obtained. This 56-bit key is used to encrypt repeatedly a constant string (usually a string consisting of all zeros). The returned -value points to the encrypted password, a series of 13 printable ASCII +value points to the hashed password, a series of 13 printable ASCII characters (the first two characters represent the salt itself). The return value points to static data whose content is overwritten by each call. @@ -115,7 +115,7 @@ the only thing that the caller should do with this structure is to set to zero before the first call to .BR crypt_r (). .SH RETURN VALUE -On success, a pointer to the encrypted password is returned. +On success, a pointer to the hashed password is returned. On error, NULL is returned. .SH ERRORS .TP @@ -165,7 +165,7 @@ function was not implemented, probably because of U.S.A. export restrictions. .B EPERM .I /proc/sys/crypto/fips_enabled has a nonzero value, -and an attempt was made to use a weak encryption type, such as DES. +and an attempt was made to use a weak hashing type, such as DES. .SH ATTRIBUTES For an explanation of the terms used in this section, see .BR attributes (7). @@ -225,7 +225,7 @@ is an ABI-compatible drop-in replacement. .SH NOTES .SS Features in glibc The glibc version of this function supports additional -encryption algorithms. +hashing algorithms. .PP If .I salt @@ -234,11 +234,11 @@ followed by a string optionally terminated by "$", then the result has the form: .RS .PP -$\fIid\fP$\fIsalt\fP$\fIencrypted\fP +$\fIid\fP$\fIsalt\fP$\fIhashed\fP .RE .PP .I id -identifies the encryption method used instead of DES and this +identifies the hashing method used instead of DES and this then determines how the rest of the password string is interpreted. The following values of .I id @@ -265,13 +265,13 @@ T} .TE .RE .PP -Thus, $5$\fIsalt\fP$\fIencrypted\fP and $6$\fIsalt\fP$\fIencrypted\fP -contain the password encrypted with, respectively, functions +Thus, $5$\fIsalt\fP$\fIhashed\fP and $6$\fIsalt\fP$\fIhashed\fP +contain the password hashed with, respectively, functions based on SHA-256 and SHA-512. .PP "\fIsalt\fP" stands for the up to 16 characters following "$\fIid\fP$" in the salt. -The "\fIencrypted\fP" +The "\fIhashed\fP" part of the password string is the actual computed password. The size of this string is fixed: .RS @@ -283,7 +283,7 @@ SHA-512 86 characters .TE .RE .PP -The characters in "\fIsalt\fP" and "\fIencrypted\fP" are drawn from the set +The characters in "\fIsalt\fP" and "\fIhashed\fP" are drawn from the set [\fBa\-zA\-Z0\-9./\fP]. In the MD5 and SHA implementations the entire .I key @@ -299,7 +299,7 @@ followed by "rounds=\fIxxx\fP$", where \fIxxx\fP is an integer, then the result has the form .RS .PP -$\fIid\fP$\fIrounds=yyy\fP$\fIsalt\fP$\fIencrypted\fP +$\fIid\fP$\fIrounds=yyy\fP$\fIsalt\fP$\fIhashed\fP .RE .PP where \fIyyy\fP is the number of hashing rounds actually used. diff --git a/man3/encrypt.3 b/man3/encrypt.3 index 9f7ea9627..49549a28f 100644 --- a/man3/encrypt.3 +++ b/man3/encrypt.3 @@ -13,8 +13,8 @@ .SH NAME encrypt, setkey, encrypt_r, setkey_r \- encrypt 64-bit messages .SH LIBRARY -Encryption and decryption library -.RI ( libcrypto ", " \-lcrypto ) +Password hashing library +.RI ( libcrypt ", " \-lcrypt ) .SH SYNOPSIS .nf .BR "#define _XOPEN_SOURCE" " /* See feature_test_macros(7) */" -- 2.41.0
