1CRYPT(3) 386BSD Programmer's Manual CRYPT(3) 2 3NNAAMMEE 4 ccrryypptt, sseettkkeeyy, eennccrryypptt, ddeess__sseettkkeeyy, ddeess__cciipphheerr - DES encryption 5 6SSYYNNOOPPSSIISS 7 _c_h_a_r 8 **ccrryypptt(_c_o_n_s_t _c_h_a_r *_k_e_y, _c_o_n_s_t _c_h_a_r *_s_e_t_t_i_n_g) 9 10 _i_n_t 11 sseettkkeeyy(_c_h_a_r *_k_e_y) 12 13 _i_n_t 14 eennccrryypptt(_c_h_a_r *_b_l_o_c_k, _i_n_t _f_l_a_g) 15 16 _i_n_t 17 ddeess__sseettkkeeyy(_c_o_n_s_t _c_h_a_r *_k_e_y) 18 19 _i_n_t 20 ddeess__cciipphheerr(_c_o_n_s_t _c_h_a_r *_i_n, _c_h_a_r *_o_u_t, _l_o_n_g _s_a_l_t, _i_n_t _c_o_u_n_t) 21 22DDEESSCCRRIIPPTTIIOONN 23 The crypt function performs password encryption. It is derived from the 24 NBS Data Encryption Standard. Additional code has been added to deter 25 key search attempts. The first argument to ccrryypptt is a NUL-terminated 26 string (normally a password typed by a user). The second is a character 27 array, 9 bytes in length, consisting of an underscore (``_'') followed by 28 4 bytes of iteration count and 4 bytes of salt. Both the iteration _c_o_u_n_t 29 and the _s_a_l_t are encoded with 6 bits per character, least significant 30 bits first. The values 0 to 63 are encoded by the characters ``./0-9A- 31 Za-z'', respectively. 32 33 The _s_a_l_t is used to induce disorder in to the DES algorithm in one of 34 16777216 possible ways (specifically, if bit _i of the _s_a_l_t is set then 35 bits _i and _i+_2_4 are swapped in the DES ``E'' box output). The _k_e_y is 36 divided into groups of 8 characters (a short final group is null-padded) 37 and the low-order 7 bits of each each character (56 bits per group) are 38 used to form the DES key as follows: the first group of 56 bits becomes 39 the initial DES key. For each additional group, the XOR of the group 40 bits and the encryption of the DES key with itself becomes the next DES 41 key. Then the final DES key is used to perform _c_o_u_n_t cumulative 42 encryptions of a 64-bit constant. The value returned is a NUL-terminated 43 string, 20 bytes in length, consisting of the _s_e_t_t_i_n_g followed by the 44 encoded 64-bit encryption. 45 46 For compatibility with historical versions of crypt(3), the _s_e_t_t_i_n_g may 47 consist of 2 bytes of salt, encoded as above, in which case an iteration 48 _c_o_u_n_t of 25 is used, fewer perturbations of DES are available, at most 8 49 characters of _k_e_y are used, and the returned value is a NUL-terminated 50 string 13 bytes in length. 51 52 The functions, eennccrryypptt(), sseettkkeeyy(), ddeess__sseettkkeeyy() and ddeess__cciipphheerr() allow 53 limited access to the DES algorithm itself. The _k_e_y argument to sseettkkeeyy() 54 is a 64 character array of binary values (numeric 0 or 1). A 56-bit key 55 is derived from this array by dividing the array into groups of 8 and 56 ignoring the last bit in each group. 57 58 The eennccrryypptt() argument _b_l_o_c_k is also a 64 character array of binary 59 values. If the value of _f_l_a_g is 0, the argument _b_l_o_c_k is encrypted, 60 otherwise it is decrypted. The encryption or decryption is returned in 61 the original array _b_l_o_c_k after using the key specified by sseettkkeeyy() to 62 process it. 63 64 The ddeess__sseettkkeeyy() and ddeess__cciipphheerr() functions are faster but less portable 65 than sseettkkeeyy() and eennccrryypptt(). The argument to ddeess__sseettkkeeyy() is a character 66 array of length 8. The _l_e_a_s_t significant bit in each character is 67 ignored and the next 7 bits of each character are concatenated to yield a 68 56-bit key. The function ddeess__cciipphheerr() encrypts (or decrypts if _c_o_u_n_t is 69 negative) the 64-bits stored in the 8 characters at _i_n using abs(3) of 70 _c_o_u_n_t iterations of DES and stores the 64-bit result in the 8 characters 71 at _o_u_t. The _s_a_l_t specifies perturbations to DES as described above. 72 73 The function ccrryypptt() returns a pointer to the encrypted value on success 74 and NULL on failure. The functions sseettkkeeyy(), eennccrryypptt(), ddeess__sseettkkeeyy(), 75 and ddeess__cciipphheerr() return 0 on success and 1 on failure. Historically, the 76 functions sseettkkeeyy() and eennccrryypptt() did not return any value. They have 77 been provided return values primarily to distinguish implementations 78 where hardware support is provided but not available or where the DES 79 encryption is not available due to the usual political silliness. 80 81SSEEEE AALLSSOO 82 login(1), passwd(1), getpass(3), passwd(5) 83 84 85 Wayne Patterson, _M_a_t_h_e_m_a_t_i_c_a_l _C_r_y_p_t_o_l_o_g_y _f_o_r _C_o_m_p_u_t_e_r _S_c_i_e_n_t_i_s_t_s _a_n_d 86 _M_a_t_h_e_m_a_t_i_c_i_a_n_s, ISBN 0-8476-7438-X, 1987. 87 88 R. Morris, and Ken Thompson, "Password Security: A Case History", 89 _C_o_m_m_u_n_i_c_a_t_i_o_n_s _o_f _t_h_e _A_C_M, vol. 22, pp. 594-597, Nov. 1979. 90 91 M.E. Hellman, "DES will be Totally Insecure within Ten Years", _I_E_E_E 92 _S_p_e_c_t_r_u_m, vol. 16, pp. 32-39, July 1979. 93 94HHIISSTTOORRYY 95 A rotor-based ccrryypptt() function appeared in Version 6 AT&T UNIX. The 96 current style ccrryypptt() first appeared in Version 7 AT&T UNIX. 97 98BBUUGGSS 99 Dropping the _l_e_a_s_t significant bit in each character of the argument to 100 ddeess__sseettkkeeyy() is ridiculous. 101 102 The ccrryypptt() function leaves its result in an internal static object and 103 returns a pointer to that object. Subsequent calls to ccrryypptt() will 104 modify the same object. 105 106BSD Experimental May 21, 1991 2 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133