

CRYPT(3)                Library functions                CRYPT(3)


NNAAMMEE
       crypt - password and data encryption

SSYYNNOOPPSSIISS
       ##ddeeffiinnee __XXOOPPEENN__SSOOUURRCCEE
       ##iinncclluuddee <<uunniissttdd..hh>>

       cchhaarr **ccrryypptt((ccoonnsstt cchhaarr **_k_e_y,, ccoonnsstt cchhaarr **_s_a_l_t));;

DDEESSCCRRIIPPTTIIOONN
       ccrryypptt is the password encryption function.  It is based on
       the Data Encryption  Standard  algorithm  with  variations
       intended  (among  other things) to discourage use of hard­
       ware implementations of a key search.

       _k_e_y is a user's typed password.

       _s_a_l_t  is  a  two-character  string  chosen  from  the  set
       [aa-zzAA-ZZ00-99..//].   This  string is used to perturb the algo­
       rithm in one of 4096 different ways.

       By taking the lowest 7 bit of each character of the _k_e_y, a
       56-bit  key  is  obtained.   This  56-bit  key  is used to
       encrypt repeatedly a constant  string  (usually  a  string
       consisting  of  all  zeros).  The returned value points to
       the encrypted password, a series  of  13  printable  ASCII
       characters  (the  first  two characters represent the salt
       itself).  The return value points  to  static  data  whose
       content is overwritten by each call.

       Warning: The key space consists of 2**56 equal 7.2e16 pos­
       sible values.  Exhaustive searches of this key  space  are
       possible  using  massively  parallel computers.  Software,
       such as ccrraacckk(1), is available which will search the  por­
       tion  of  this  key space that is generally used by humans
       for passwords.  Hence, password selection should, at mini­
       mum, avoid common words and names.  The use of a ppaasssswwdd(1)
       program that checks for  crackable  passwords  during  the
       selection process is recommended.

       The  DES  algorithm itself has a few quirks which make the
       use of the ccrryypptt(3) interface a very poor choice for  any­
       thing  other  than  password  authentication.   If you are
       planning on using the ccrryypptt(3) interface for a  cryptogra­
       phy  project,  don't  do it: get a good book on encryption
       and one of the widely available DES libraries.

CCOONNFFOORRMMIINNGG TTOO
       SVID, X/OPEN, BSD 4.3

SSEEEE AALLSSOO
       llooggiinn(1), ppaasssswwdd(1), eennccrryypptt(3), ggeettppaassss(3), ppaasssswwdd(5)


                        September 3, 1994                       1