crypt
CRYPT(3)                Library functions                CRYPT(3)



NAME
       crypt - password and data encryption

SYNOPSIS
       #define _XOPEN_SOURCE
       #include <unistd.h>

       char *crypt(const char *key, const char *salt);

DESCRIPTION
       crypt is the password encryption function.  It is based on
       the Data Encryption  Standard  algorithm  with  variations
       intended  (among  other things) to discourage use of hard-
       ware implementations of a key search.

       key is a user's typed password.

       salt  is  a  two-character  string  chosen  from  the  set
       [a-zA-Z0-9./].   This  string is used to perturb the algo-
       rithm in one of 4096 different ways.

       By taking the lowest 7 bits of each  of  the  first  eight
       characters  of  the  key,  a 56-bit key is obtained.  This
       56-bit key is used to encrypt repeatedly a constant string
       (usually  a string consisting of all zeros).  The returned
       value points to the encrypted password,  a  series  of  13
       printable  ASCII characters (the first two characters rep-
       resent the salt  itself).   The  return  value  points  to
       static data whose content is overwritten by each call.

       Warning: The key space consists of 2**56 (about 7.2e16)
       possible values.  Exhaustive searches of this key space
       are possible using massively parallel computers.  Software,
       such as crack(1), is available which will search the
       portion of this key space that is generally used by humans
       for passwords.  Hence, password selection should, at
       minimum, avoid common words and names.  The use of a
       passwd(1) program that checks for crackable passwords
       during the selection process is recommended.

       The DES algorithm itself has a few quirks which make the
       use of the crypt(3) interface a very poor choice for
       anything other than password authentication.  If you are
       planning on using the crypt(3) interface for a cryptography
       project, don't do it: get a good book on encryption and
       one of the widely available DES libraries.

RETURN VALUE
       A pointer to  the  encrypted  password  is  returned.   On
       error, NULL is returned.

ERRORS
       ENOSYS The  crypt  function  was not implemented, probably
              because of U.S.A. export restrictions.

GNU EXTENSION
       The glibc2 version of  this  function  has  the  following
       additional features.  If salt is a character string start-
       ing with the three characters "$1$" followed  by  at  most
       eight  characters,  and optionally terminated by "$", then
       instead of using the DES machine, the glibc crypt function
       uses  an  MD5-based algorithm, and outputs up to 34 bytes,
       namely "$1$<string>$", where "<string>" stands for the  up
       to  8  characters following "$1$" in the salt, followed by
       22 bytes chosen from the set  [a-zA-Z0-9./].   The  entire
       key  is  significant  here  (instead  of  only the first 8
       bytes).

       Programs using this function must be linked with  -lcrypt.
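
       The following is an added example, not part of the original
       manual page or of glibc.  It classifies a stored string by the
       two layouts described above and computes the effective 56-bit
       DES key, showing which passwords the DES scheme cannot tell
       apart.  The names classify_hash and des_key56 are hypothetical,
       and zero-padding of short keys is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Alphabet the page gives for salts and hash output: [a-zA-Z0-9./] */
static int in_set(const char *s, size_t n) {
    static const char set[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    for (size_t i = 0; i < n; i++)
        if (s[i] == '\0' || strchr(set, s[i]) == NULL) return 0;
    return 1;
}

enum scheme { SCHEME_UNKNOWN, SCHEME_DES, SCHEME_MD5 };

/* Classify a stored string by the two layouts described on this page. */
enum scheme classify_hash(const char *h) {
    if (strncmp(h, "$1$", 3) == 0) {
        const char *end = strchr(h + 3, '$');      /* end of the salt */
        if (end == NULL || (size_t)(end - (h + 3)) > 8) return SCHEME_UNKNOWN;
        if (strlen(end + 1) == 22 && in_set(end + 1, 22)) return SCHEME_MD5;
        return SCHEME_UNKNOWN;
    }
    /* Traditional form: 2 salt characters + 11 more, 13 in total. */
    return (strlen(h) == 13 && in_set(h, 13)) ? SCHEME_DES : SCHEME_UNKNOWN;
}

/* Effective DES key: low 7 bits of each of the first eight characters.
 * Assumption: keys shorter than eight characters are zero-padded. */
uint64_t des_key56(const char *key) {
    uint64_t k = 0;
    size_t i = 0;
    for (; i < 8 && key[i] != '\0'; i++)
        k = (k << 7) | ((unsigned char)key[i] & 0x7f);
    for (; i < 8; i++) k <<= 7;
    return k;
}

int main(void) {
    /* Constructed sample strings: well-formed layouts, not real hashes. */
    const char *des = "ab0123456789.";
    const char *md5 = "$1$saltsalt$0123456789abcdefghijkl";
    printf("des=%d md5=%d\n", classify_hash(des), classify_hash(md5));
    /* Characters past the eighth never reach the DES key. */
    printf("same key: %d\n", des_key56("password1") == des_key56("password2"));
    return 0;
}
```

       Strings classified as SCHEME_DES mark accounts whose passwords
       are effectively limited to eight 7-bit characters.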

CONFORMING TO
       SVID, X/OPEN, BSD 4.3, POSIX 1003.1-2001

SEE ALSO
       login(1), passwd(1), encrypt(3), getpass(3), passwd(5)



                            2001-12-23                   CRYPT(3)