{
    "mode": "man",
    "parameter": "crypt_gensalt",
    "section": "3",
    "url": "https://www.chedong.com/phpMan.php/man/crypt_gensalt/3/json",
    "generated": "2026-06-12T14:03:42Z",
    "synopsis": "",
    "sections": {
        "NAME": {
            "content": "cryptgensalt, cryptgensaltrn, cryptgensaltra — encode settings for passphrase hashing\n",
            "subsections": []
        },
        "LIBRARY": {
            "content": "Crypt Library (libcrypt, -lcrypt)\n",
            "subsections": []
        },
        "SYNOPSIS": {
            "content": "",
            "subsections": [
                {
                    "name": "#include <crypt.h>",
                    "content": "char *\ncryptgensalt(const char *prefix, unsigned long count, const char *rbytes, int nrbytes);\n\nchar *\ncryptgensaltrn(const char * prefix, unsigned long count, const char *rbytes, int nrbytes,\nchar * output, int outputsize);\n\nchar *\ncryptgensaltra(const char *prefix, unsigned long count, const char *rbytes, int nrbytes);\n"
                }
            ]
        },
        "DESCRIPTION": {
            "content": "The cryptgensalt, cryptgensaltrn, and cryptgensaltra functions compile a string for use as\nthe setting argument to crypt, cryptr, cryptrn, and cryptra.  prefix selects the hashing\nmethod to use.  count controls the CPU time cost of the hash; the valid range for count and the\nexact meaning of “CPU time cost” depends on the hashing method, but larger numbers correspond\nto more costly hashes.  rbytes should point to nrbytes cryptographically random bytes for use\nas “salt.”\n\nIf prefix is a null pointer, the best available hashing method will be selected.  (CAUTION: if\nprefix is an empty string, the “traditional” DES-based hashing method will be selected; this\nmethod is unacceptably weak by modern standards.)  If count is 0, a low default cost will be\nselected.  If rbytes is a null pointer, an appropriate number of random bytes will be obtained\nfrom the operating system, and nrbytes is ignored.\n\nSee crypt(5) for other strings that can be used as prefix, and valid values of count for each.\n",
            "subsections": []
        },
        "RETURN VALUES": {
            "content": "cryptgensalt, cryptgensaltrn, and cryptgensaltra return a pointer to an encoded setting\nstring.  This string will be entirely printable ASCII, and will not contain whitespace or the\ncharacters ‘:’, ‘;’, ‘*’, ‘!’, or ‘\\’.  See crypt(5) for more detail on the format of this\nstring.  Upon error, they return a null pointer and set errno to an appropriate error code.\n\ncryptgensalt places its result in a static storage area, which will be overwritten by subse‐\nquent calls to cryptgensalt.  It is not safe to call cryptgensalt from multiple threads si‐\nmultaneously.  However, it is safe to pass the string returned by cryptgensalt directly to\ncrypt without copying it; each function has its own static storage area.\n\ncryptgensaltrn places its result in the supplied output buffer, which has outputsize bytes\nof storage available.  outputsize should be greater than or equal to\nCRYPTGENSALTOUTPUTSIZE.\n\ncryptgensaltra allocates memory for its result using malloc(3).  It should be freed with\nfree(3) after use.\n\nUpon error, in addition to returning a null pointer, cryptgensalt and cryptgensaltrn will\nwrite an invalid setting string to their output buffer, if there is enough space; this string\nwill begin with a ‘*’ and will not be equal to prefix.\n",
            "subsections": []
        },
        "ERRORS": {
            "content": "EINVAL             prefix is invalid or not supported by this implementation; count is invalid\nfor the requested prefix; the input nrbytes is insufficient for the smallest\nvalid salt with the requested prefix.\n\nERANGE             cryptgensaltrn only: outputsize is too small to hold the compiled setting\nstring.\n\nENOMEM             Failed to allocate internal scratch memory.\ncryptgensaltra only: failed to allocate memory for the compiled setting\nstring.\n\nENOSYS, EACCES, EIO, etc.\nObtaining random bytes from the operating system failed.  This can only hap‐\npen when rbytes is a null pointer.\n",
            "subsections": []
        },
        "FEATURE TEST MACROS": {
            "content": "The following macros are defined by <crypt.h>:\n\nCRYPTGENSALTIMPLEMENTSDEFAULTPREFIX\nA null pointer can be specified as the prefix argument.\n\nCRYPTGENSALTIMPLEMENTSAUTOENTROPY\nA null pointer can be specified as the rbytes argument.\n",
            "subsections": []
        },
        "PORTABILITY NOTES": {
            "content": "The functions cryptgensalt, cryptgensaltrn, and cryptgensaltra are not part of any stan‐\ndard.  They originate with the Openwall project.  A function with the name cryptgensalt also\nexists on Solaris 10 and newer, but its prototype and semantics differ.\n\nThe default prefix and auto entropy features are available since libxcrypt version 4.0.0.  Por‐\ntable software can use feature test macros to find out whether null pointers can be used for\nthe prefix and rbytes arguments.\n\nThe set of supported hashing methods varies considerably from system to system.\n",
            "subsections": []
        },
        "ATTRIBUTES": {
            "content": "For an explanation of the terms used in this section, see attributes(7).\n┌──────────────────┬───────────────┬──────────────────────────────┐\n│Interface         │ Attribute     │ Value                        │\n├──────────────────┼───────────────┼──────────────────────────────┤\n│cryptgensalt     │ Thread safety │ MT-Unsafe race:cryptgensalt │\n├──────────────────┼───────────────┼──────────────────────────────┤\n│cryptgensaltrn, │ Thread safety │ MT-Safe                      │\n│cryptgensaltra  │               │                              │\n└──────────────────┴───────────────┴──────────────────────────────┘\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "crypt(3), getpass(3), getpwent(3), shadow(3), login(1), passwd(1), crypt(5), passwd(5),\nshadow(5), pam(8)\n",
            "subsections": []
        },
        "Openwall Project               October 11, 2017               Openwall Project": {
            "content": "",
            "subsections": []
        }
    },
    "summary": "cryptgensalt, cryptgensaltrn, cryptgensaltra — encode settings for passphrase hashing",
    "flags": [],
    "examples": [],
    "see_also": [
        {
            "name": "crypt",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/crypt/3/json"
        },
        {
            "name": "getpass",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/getpass/3/json"
        },
        {
            "name": "getpwent",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/getpwent/3/json"
        },
        {
            "name": "shadow",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/shadow/3/json"
        },
        {
            "name": "login",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/login/1/json"
        },
        {
            "name": "passwd",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/passwd/1/json"
        },
        {
            "name": "crypt",
            "section": "5",
            "url": "https://www.chedong.com/phpMan.php/man/crypt/5/json"
        },
        {
            "name": "passwd",
            "section": "5",
            "url": "https://www.chedong.com/phpMan.php/man/passwd/5/json"
        },
        {
            "name": "shadow",
            "section": "5",
            "url": "https://www.chedong.com/phpMan.php/man/shadow/5/json"
        },
        {
            "name": "pam",
            "section": "8",
            "url": "https://www.chedong.com/phpMan.php/man/pam/8/json"
        }
    ]
}