Michal Mazurek wrote: > When talking about this with mulander@ it came out that the docs could > use a touch. > > The commit message for the diff that didn't update the docs was: > > permit "bcrypt" as an alias for "blowfish". this is, after all, what > 99% of the world calls it. > allow just "bcrypt" without params to mean auto-tune ("bcrypt,a"). > default remains 8 rounds (for now) > > Comments? OK? > > Index: lib/libc/crypt/crypt_checkpass.3 > =================================================================== > RCS file: /cvs/src/lib/libc/crypt/crypt_checkpass.3,v > retrieving revision 1.9 > diff -u -p -r1.9 crypt_checkpass.3 > --- lib/libc/crypt/crypt_checkpass.3 23 Jul 2015 22:20:02 -0000 1.9 > +++ lib/libc/crypt/crypt_checkpass.3 6 Jun 2017 19:06:59 -0000 > @@ -58,17 +58,29 @@ The provided > .Fa password > is randomly salted and hashed and stored in > .Fa hash . > +.Fa hash > +must already be allocated, and > +.Fa hashsize > +must contain its size, which cannot be less than 61 bytes.
that's an implementation detail. if we're advising a limit, i think we should say 128 or so. i think the rest is fine.