The library supports two encryption formats: traditional Unix DES-hashes^{2On non-Unix systems, crypt() is provided by the NetBSD library. The license header is added at the end of this document.} and FreeBSD compatible MD5 hashes (all platforms). MD5 hashes start with the magic sequence $1$, followed by an up to 8 character salt. DES hashes start with a 2 character salt. Note that a DES hash considers only the first 8 characters. The MD5 considers the whole string.

Salt and algorithm can be forced by instantiating the start of Encrypted with it. This is typically used to force MD5 hashes:

?- phrase("$1$", E, _),
   crypt("My password", E),
   format('~s~n', [E]).

$1$qdaDeDZn$ZUxSQEESEHIDCHPNc3fxZ1

Encrypted is always a list of ASCII character codes. Plain only supports ISO-Latin-1 passwords in the current implementation.

Plain is either an atom, SWI-Prolog string, list of characters or list of character-codes. It is not advised to use atoms, as this implies the password will be available from the Prolog heap as a defined atom.

NOTE: crypt/2 provides an interface to the Unix password hashing API. Above we already introduced support for classical DES and MD5 hashes, both hashes that are considered insecure by today's standards.^{3Insecure means that the password can realistically be derived from the password hash using a brute-force attack. This implies that leaking the password database is an immediate security risk.} The crypt() API of modern Unix systems typically support more secure hashes. Using crypt/2 is suitable if compatibility with OS passwords is required. If strong hashes and platform independence are important to you, use crypto_password_hash/2 provided by library library(crypto) from the ssl package.