by TimWolla 1212 days ago
> but missed one of the three ways crypt can signal failure (returning the input unmodified)

Returning the input unmodified is not failure, but success. That's how you check that a password is valid without having a specialized API.

1 comments

EDIT: I misread the linked post, ignore me!

<strike>crypt is the hashing function, not the password checking function</strike>

I assume s/bit/not/. The checking function is “does the given password with the stored parameters hash to the same value as the stored hash”. Hash functions are deterministic.

So returning the original hash for a valid password is the success case.
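The check described in the comments above (re-hash the candidate password with the stored parameters, then compare with the stored hash), as an added example that is not part of the thread. `toy_crypt`, `new_hash`, `verify` and the `$pbkdf2-sha256$` string layout are constructed for illustration and are not the real crypt API; this sketch raises on a malformed stored value so that an error can never compare equal to the stored string.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "$pbkdf2-sha256$"  # constructed layout for this example, not a real crypt scheme


def toy_crypt(password: str, setting: str) -> str:
    """Hash `password` using the parameters embedded in `setting`.

    `setting` is either a bare parameter string or a full stored hash;
    only the iteration count and salt are read from it, never the digest.
    """
    if not setting.startswith(PREFIX):
        raise ValueError("unsupported or malformed setting")
    fields = setting[len(PREFIX):].split("$")
    if len(fields) != 3:
        raise ValueError("malformed setting")
    iters_s, salt_b64, _stored_digest = fields
    iterations = int(iters_s)  # ValueError if not numeric
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    salt = base64.b64decode(salt_b64, validate=True)  # binascii.Error is a ValueError
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}{iterations}${salt_b64}${base64.b64encode(digest).decode()}"


def new_hash(password: str, iterations: int = 1000) -> str:
    """Create a stored hash with a fresh random salt."""
    salt_b64 = base64.b64encode(os.urandom(16)).decode()
    return toy_crypt(password, f"{PREFIX}{iterations}${salt_b64}$")


def verify(password: str, stored: str) -> bool:
    """Valid password <=> re-hashing with the stored parameters reproduces `stored`."""
    try:
        candidate = toy_crypt(password, stored)
    except ValueError:
        return False  # malformed stored value is a failure, never a match
    # Constant-time comparison so timing does not reveal the matching prefix length.
    return hmac.compare_digest(candidate.encode(), stored.encode())
```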