version 1, including all changes.
.
| Rev |
Author |
# |
Line |
| 1 |
perry |
1 |
CRYPT |
| |
|
2 |
!!!CRYPT |
| |
|
3 |
NAME |
| |
|
4 |
SYNOPSIS |
| |
|
5 |
DESCRIPTION |
| |
|
6 |
RETURN VALUE |
| |
|
7 |
ERRORS |
| |
|
8 |
CONFORMING TO |
| |
|
9 |
SEE ALSO |
| |
|
10 |
---- |
| |
|
11 |
!!NAME |
| |
|
12 |
|
| |
|
13 |
|
| |
|
14 |
crypt - password and data encryption |
| |
|
15 |
!!SYNOPSIS |
| |
|
16 |
|
| |
|
17 |
|
| |
|
18 |
__#include __ |
| |
|
19 |
|
| |
|
20 |
|
| |
|
21 |
__char *crypt(const char *__''key''__, const char |
| |
|
22 |
*__''salt''__);__ |
| |
|
23 |
!!DESCRIPTION |
| |
|
24 |
|
| |
|
25 |
|
| |
|
26 |
__crypt__ provides acess to two algorithms for password |
| |
|
27 |
encryption. One it's based on the Data Encryption Standard |
| |
|
28 |
algorithm with variations intended (among other things) to |
| |
|
29 |
discourage use of hardware implementations of a key |
| |
|
30 |
search. |
| |
|
31 |
|
| |
|
32 |
|
| |
|
33 |
''key'' is a user's typed password. |
| |
|
34 |
|
| |
|
35 |
|
| |
|
36 |
''salt'' is a two-character string chosen from the set |
| |
|
37 |
[[__a__-__zA__-__Z0__-__9./__]. This string is |
| |
|
38 |
used to perturb the algorithm in one of 4096 different |
| |
|
39 |
ways. |
| |
|
40 |
|
| |
|
41 |
|
| |
|
42 |
By taking the lowest 7 bit of each character of the |
| |
|
43 |
''key'', a 56-bit key is obtained. This 56-bit key is |
| |
|
44 |
used to encrypt repeatedly a constant string (usually a |
| |
|
45 |
string consisting of all zeros). The returned value points |
| |
|
46 |
to the encrypted password, a series of 13 printable ASCII |
| |
|
47 |
characters (the first two characters represent the salt |
| |
|
48 |
itself). The return value points to static data whose |
| |
|
49 |
content is overwritten by each call. |
| |
|
50 |
|
| |
|
51 |
|
| |
|
52 |
Warning: The key space consists of 2 56 equal |
| |
|
53 |
7.2e16 possible values. Exhaustive searches of this key |
| |
|
54 |
space are possible using massively parallel computers. |
| |
|
55 |
Software, such as crack(1), is available which will |
| |
|
56 |
search the portion of this key space that is generally used |
| |
|
57 |
by humans for passwords. Hence, password selection should, |
| |
|
58 |
at minimum, avoid common words and names. The use of a |
| |
|
59 |
passwd(1) program that checks for crackable passwords |
| |
|
60 |
during the selection process is recommended. |
| |
|
61 |
|
| |
|
62 |
|
| |
|
63 |
The DES algorithm itself has a few quirks which make the use |
| |
|
64 |
of the crypt(3) interface a very poor choice for |
| |
|
65 |
anything other than password authentication. If you are |
| |
|
66 |
planning on using the crypt(3) interface for a |
| |
|
67 |
cryptography project, don't do it: get a good book on |
| |
|
68 |
encryption and one of the widely available DES |
| |
|
69 |
libraries. |
| |
|
70 |
!!RETURN VALUE |
| |
|
71 |
|
| |
|
72 |
|
| |
|
73 |
A pointer to the encrypted password is returned. On error, |
| |
|
74 |
NULL is returned. |
| |
|
75 |
!!ERRORS |
| |
|
76 |
|
| |
|
77 |
|
| |
|
78 |
__ENOSYS__ |
| |
|
79 |
|
| |
|
80 |
|
| |
|
81 |
The __crypt__ function was not implemented, probably |
| |
|
82 |
because of U.S.A. export restrictions. |
| |
|
83 |
|
| |
|
84 |
|
| |
|
85 |
If the salt starts with ''$1$'' an MD5 based password |
| |
|
86 |
hashing algorithm is applied. The salt should consist off |
| |
|
87 |
''$1$'' followed with eight characters. |
| |
|
88 |
|
| |
|
89 |
|
| |
|
90 |
Programs using this function must be linked with |
| |
|
91 |
-lcrypt. |
| |
|
92 |
!!CONFORMING TO |
| |
|
93 |
|
| |
|
94 |
|
| |
|
95 |
SVID, X/OPEN, BSD 4.3 |
| |
|
96 |
!!SEE ALSO |
| |
|
97 |
|
| |
|
98 |
|
| |
|
99 |
login(1), passwd(1), encrypt(3), |
| |
|
100 |
getpass(3), passwd(5) |
| |
|
101 |
---- |
