Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3af8b038-d0cd-1ae2-cfb3-6dd57551d0a3@mirbsd.de>
Date: Wed, 3 Jun 2026 00:40:58 +0200 (CEST)
From: Thorsten Glaser <tg@...bsd.de>
To: musl@...ts.openwall.com
Subject: Re: musl crypt() fallback to DES for unknown hash algorithm

On Tue, 2 Jun 2026, Seo Suchan wrote:

> better reject |any hash started with $ but musl doesn't about
> crypt_r() should return error. man crypt.3 suggest it'd set errorno to
> EINVAl and return invalid hash starting with *|

From the BSD side: yescrypt is an API misuse, the manpage clearly
documents that the extended mode is used if the string begins with
a dollar sign and a number.

For applications wishing to use such nōn-standard extensions:
they should first run a known string through the crypt(3)
function and check its return value matches expectations.

Please convey this to the busybox developers.

bye,
//mirabilos, not speaking for musl
-- 
“It is inappropriate to require that a time represented as
 seconds since the Epoch precisely represent the number of
 seconds between the referenced time and the Epoch.”
	-- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.