version 1, including all changes.
.
Rev |
Author |
# |
Line |
1 |
perry |
1 |
CRYPT |
|
|
2 |
!!!CRYPT |
|
|
3 |
NAME |
|
|
4 |
SYNOPSIS |
|
|
5 |
DESCRIPTION |
|
|
6 |
RETURN VALUE |
|
|
7 |
ERRORS |
|
|
8 |
CONFORMING TO |
|
|
9 |
SEE ALSO |
|
|
10 |
---- |
|
|
11 |
!!NAME |
|
|
12 |
|
|
|
13 |
|
|
|
14 |
crypt - password and data encryption |
|
|
15 |
!!SYNOPSIS |
|
|
16 |
|
|
|
17 |
|
|
|
18 |
__#include __ |
|
|
19 |
|
|
|
20 |
|
|
|
21 |
__char *crypt(const char *__''key''__, const char |
|
|
22 |
*__''salt''__);__ |
|
|
23 |
!!DESCRIPTION |
|
|
24 |
|
|
|
25 |
|
|
|
26 |
__crypt__ provides acess to two algorithms for password |
|
|
27 |
encryption. One it's based on the Data Encryption Standard |
|
|
28 |
algorithm with variations intended (among other things) to |
|
|
29 |
discourage use of hardware implementations of a key |
|
|
30 |
search. |
|
|
31 |
|
|
|
32 |
|
|
|
33 |
''key'' is a user's typed password. |
|
|
34 |
|
|
|
35 |
|
|
|
36 |
''salt'' is a two-character string chosen from the set |
|
|
37 |
[[__a__-__zA__-__Z0__-__9./__]. This string is |
|
|
38 |
used to perturb the algorithm in one of 4096 different |
|
|
39 |
ways. |
|
|
40 |
|
|
|
41 |
|
|
|
42 |
By taking the lowest 7 bit of each character of the |
|
|
43 |
''key'', a 56-bit key is obtained. This 56-bit key is |
|
|
44 |
used to encrypt repeatedly a constant string (usually a |
|
|
45 |
string consisting of all zeros). The returned value points |
|
|
46 |
to the encrypted password, a series of 13 printable ASCII |
|
|
47 |
characters (the first two characters represent the salt |
|
|
48 |
itself). The return value points to static data whose |
|
|
49 |
content is overwritten by each call. |
|
|
50 |
|
|
|
51 |
|
|
|
52 |
Warning: The key space consists of 2 56 equal |
|
|
53 |
7.2e16 possible values. Exhaustive searches of this key |
|
|
54 |
space are possible using massively parallel computers. |
|
|
55 |
Software, such as crack(1), is available which will |
|
|
56 |
search the portion of this key space that is generally used |
|
|
57 |
by humans for passwords. Hence, password selection should, |
|
|
58 |
at minimum, avoid common words and names. The use of a |
|
|
59 |
passwd(1) program that checks for crackable passwords |
|
|
60 |
during the selection process is recommended. |
|
|
61 |
|
|
|
62 |
|
|
|
63 |
The DES algorithm itself has a few quirks which make the use |
|
|
64 |
of the crypt(3) interface a very poor choice for |
|
|
65 |
anything other than password authentication. If you are |
|
|
66 |
planning on using the crypt(3) interface for a |
|
|
67 |
cryptography project, don't do it: get a good book on |
|
|
68 |
encryption and one of the widely available DES |
|
|
69 |
libraries. |
|
|
70 |
!!RETURN VALUE |
|
|
71 |
|
|
|
72 |
|
|
|
73 |
A pointer to the encrypted password is returned. On error, |
|
|
74 |
NULL is returned. |
|
|
75 |
!!ERRORS |
|
|
76 |
|
|
|
77 |
|
|
|
78 |
__ENOSYS__ |
|
|
79 |
|
|
|
80 |
|
|
|
81 |
The __crypt__ function was not implemented, probably |
|
|
82 |
because of U.S.A. export restrictions. |
|
|
83 |
|
|
|
84 |
|
|
|
85 |
If the salt starts with ''$1$'' an MD5 based password |
|
|
86 |
hashing algorithm is applied. The salt should consist off |
|
|
87 |
''$1$'' followed with eight characters. |
|
|
88 |
|
|
|
89 |
|
|
|
90 |
Programs using this function must be linked with |
|
|
91 |
-lcrypt. |
|
|
92 |
!!CONFORMING TO |
|
|
93 |
|
|
|
94 |
|
|
|
95 |
SVID, X/OPEN, BSD 4.3 |
|
|
96 |
!!SEE ALSO |
|
|
97 |
|
|
|
98 |
|
|
|
99 |
login(1), passwd(1), encrypt(3), |
|
|
100 |
getpass(3), passwd(5) |
|
|
101 |
---- |