Home Man
Today's Posts

Linux & Unix Commands - Search Man Pages

RedHat 9 (Linux i386) - man page for crypt (redhat section 3)

CRYPT(3)				Library functions				 CRYPT(3)

       crypt - password and data encryption

       #define _XOPEN_SOURCE
       #include <unistd.h>

       char *crypt(const char *key, const char *salt);

       crypt  is  the  password encryption function.  It is based on the Data Encryption Standard
       algorithm with variations intended (among other things)	to  discourage	use  of  hardware
       implementations of a key search.

       key is a user's typed password.

       salt  is a two-character string chosen from the set [a-zA-Z0-9./].  This string is used to
       perturb the algorithm in one of 4096 different ways.

       By taking the lowest 7 bits of each of the first eight characters of the key, a 56-bit key
       is  obtained.   This 56-bit key is used to encrypt repeatedly a constant string (usually a
       string consisting of all zeros).  The returned value points to the encrypted  password,	a
       series  of  13  printable  ASCII  characters  (the first two characters represent the salt
       itself).  The return value points to static data whose  content	is  overwritten  by  each

       Warning:  The  key  space  consists  of	2**56  equal  7.2e16 possible values.  Exhaustive
       searches of this key space are possible using  massively  parallel  computers.	Software,
       such  as  crack(1),  is	available which will search the portion of this key space that is
       generally used by humans for passwords.	Hence, password  selection  should,  at  minimum,
       avoid  common  words  and names.  The use of a passwd(1) program that checks for crackable
       passwords during the selection process is recommended.

       The DES algorithm itself has a few quirks which make the use of the crypt(3)  interface	a
       very  poor choice for anything other than password authentication.  If you are planning on
       using the crypt(3) interface for a cryptography project, don't do it: get a good  book  on
       encryption and one of the widely available DES libraries.

       A pointer to the encrypted password is returned.  On error, NULL is returned.

       ENOSYS The  crypt function was not implemented, probably because of U.S.A. export restric-

       The glibc2 version of this function has the following additional features.  If salt  is	a
       character  string starting with the three characters "$1$" followed by at most eight char-
       acters, and optionally terminated by "$", then instead of using the DES machine, the glibc
       crypt  function	uses  an  MD5-based  algorithm,  and  outputs  up  to  34  bytes,  namely
       "$1$<string>$", where "<string>" stands for the up to 8 characters following "$1$" in  the
       salt,  followed by 22 bytes chosen from the set [a-zA-Z0-9./].  The entire key is signifi-
       cant here (instead of only the first 8 bytes).

       Programs using this function must be linked with -lcrypt.

       SVID, X/OPEN, BSD 4.3, POSIX 1003.1-2001

       login(1), passwd(1), encrypt(3), getpass(3), passwd(5)

					    2001-12-23					 CRYPT(3)

All times are GMT -4. The time now is 02:25 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
Show Password