step crypto kdf compare – compare a plaintext value (e.g., a password) and a hash
step crypto kdf compare
The ‘step crypto kdf compare’ command compares a plaintext value (e.g., a password) with an existing KDF password hash in PHC string format. The PHC string input indicates which KDF algorithm and parameters to use.
If the input matches
phc-hash the command prints a human readable message
indicating success to STDERR and returns 0. If the input does not match an
error will be printed to STDERR and the command will exit with a non-zero
If this command is run without the optional
input argument and STDIN is a
TTY (i.e., you’re running the command in an interactive terminal and not
piping input to it) you’ll be prompted to enter a value on STDERR. If STDIN is
not a TTY it will be read without prompting.
For examples, see step help crypto kdf.
- The KDF password hash in PHC string format.
- The plaintext value to compare with
inputis optional and its use is not recommended. If this argument is provided the –insecure flag must also be provided because your (presumably secret)
inputwill likely be logged and appear in places you might not expect. If omitted input is read from STDIN.