Section 3: crypt



This page was been converted automatically, from Debian GNU/Linux man pages.




CRYPT(3)                Library functions                CRYPT(3)


NAME

crypt - password and data encryption

SYNOPSIS

#include char *crypt(const char *key, const char *salt);

DESCRIPTION

crypt provides acess to two algoritms for password encryp- tion. One it's based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search. key is a user's typed password. salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algo- rithm in one of 4096 different ways. By taking the lowest 7 bit of each character of the key, a 56-bit key is obtained. This 56-bit key is used to encrypt repeatedly a constant string (usually a string consisting of all zeros). The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself). The return value points to static data whose content is overwritten by each call. Warning: The key space consists of 2**56 equal 7.2e16 pos- sible values. Exhaustive searches of this key space are possible using massively parallel computers. Software, such as crack(1), is available which will search the por- tion of this key space that is generally used by humans for passwords. Hence, password selection should, at mini- mum, avoid common words and names. The use of a passwd(1) program that checks for crackable passwords during the selection process is recommended. The DES algorithm itself has a few quirks which make the use of the crypt(3) interface a very poor choice for any- thing other than password authentication. If you are planning on using the crypt(3) interface for a cryptogra- phy project, don't do it: get a good book on encryption and one of the widely available DES libraries. If the salt starts with $1$ an MD5 based password hashing algoritm is applied. The salt should consist off $1$ fol- lowed with eight characters. Programs using this function must be linked with -lcrypt. September 3, 1994 1 CRYPT(3) Library functions CRYPT(3) CONFORMING TO SVID, X/OPEN, BSD 4.3 SEE ALSO login(1), passwd(1), encrypt(3), getpass(3), passwd(5) September 3, 1994 2