CRYPT(3) BSD Programmer's Manual CRYPT(3) NNAAMMEE ccrryypptt, sseettkkeeyy, eennccrryypptt, ddeess__sseettkkeeyy, ddeess__cciipphheerr - DES encryption SSYYNNOOPPSSIISS _c_h_a_r **ccrryypptt(_c_o_n_s_t _c_h_a_r _*_k_e_y, _c_o_n_s_t _c_h_a_r _*_s_e_t_t_i_n_g); _i_n_t sseettkkeeyy(_c_h_a_r _*_k_e_y); _i_n_t eennccrryypptt(_c_h_a_r _*_b_l_o_c_k, _i_n_t _f_l_a_g); _i_n_t ddeess__sseettkkeeyy(_c_o_n_s_t _c_h_a_r _*_k_e_y); _i_n_t ddeess__cciipphheerr(_c_o_n_s_t _c_h_a_r _*_i_n, _c_h_a_r _*_o_u_t, _l_o_n_g _s_a_l_t, _i_n_t _c_o_u_n_t); DDEESSCCRRIIPPTTIIOONN The crypt function performs password encryption. It is derived from the NBS Data Encryption Standard. Additional code has been added to deter key search attempts. The first argument to ccrryypptt is a NUL-terminated string (normally a password typed by a user). The second is a character array, 9 bytes in length, consisting of an underscore (``_'') followed by 4 bytes of iteration count and 4 bytes of salt. Both the iteration _c_o_u_n_t and the _s_a_l_t are encoded with 6 bits per character, least significant bits first. The values 0 to 63 are encoded by the characters ``./0-9A- Za-z'', respectively. The _s_a_l_t is used to induce disorder in to the DES algorithm in one of 16777216 possible ways (specifically, if bit _i of the _s_a_l_t is set then bits _i and _i_+_2_4 are swapped in the DES ``E'' box output). The _k_e_y is di- vided into groups of 8 characters (a short final group is null-padded) and the low-order 7 bits of each each character (56 bits per group) are used to form the DES key as follows: the first group of 56 bits becomes the initial DES key. For each additional group, the XOR of the group bits and the encryption of the DES key with itself becomes the next DES key. Then the final DES key is used to perform _c_o_u_n_t cumulative encryp- tions of a 64-bit constant. The value returned is a NUL-terminated string, 20 bytes in length, consisting of the _s_e_t_t_i_n_g followed by the en- coded 64-bit encryption. For compatibility with historical versions of crypt(3), the _s_e_t_t_i_n_g may consist of 2 bytes of salt, encoded as above, in which case an iteration _c_o_u_n_t of 25 is used, fewer perturbations of DES are available, at most 8 characters of _k_e_y are used, and the returned value is a NUL-terminated string 13 bytes in length. The functions, eennccrryypptt(), sseettkkeeyy(), ddeess__sseettkkeeyy() and ddeess__cciipphheerr() allow limited access to the DES algorithm itself. The _k_e_y argument to sseettkkeeyy() is a 64 character array of binary values (numeric 0 or 1). A 56-bit key is derived from this array by dividing the array into groups of 8 and ig- noring the last bit in each group. The eennccrryypptt() argument _b_l_o_c_k is also a 64 character array of binary val- ues. If the value of _f_l_a_g is 0, the argument _b_l_o_c_k is encrypted, other- wise it is decrypted. The encryption or decryption is returned in the original array _b_l_o_c_k after using the key specified by sseettkkeeyy() to process it. The ddeess__sseettkkeeyy() and ddeess__cciipphheerr() functions are faster but less portable than sseettkkeeyy() and eennccrryypptt(). The argument to ddeess__sseettkkeeyy() is a character array of length 8. The _l_e_a_s_t significant bit in each character is ig- nored and the next 7 bits of each character are concatenated to yield a 56-bit key. The function ddeess__cciipphheerr() encrypts (or decrypts if _c_o_u_n_t is negative) the 64-bits stored in the 8 characters at _i_n using abs(3) of _c_o_u_n_t iterations of DES and stores the 64-bit result in the 8 characters at _o_u_t. The _s_a_l_t specifies perturbations to DES as described above. The function ccrryypptt() returns a pointer to the encrypted value on success and NULL on failure. The functions sseettkkeeyy(), eennccrryypptt(), ddeess__sseettkkeeyy(), and ddeess__cciipphheerr() return 0 on success and 1 on failure. Historically, the functions sseettkkeeyy() and eennccrryypptt() did not return any value. They have been provided return values primarily to distinguish implementations where hardware support is provided but not available or where the DES en- cryption is not available due to the usual political silliness. SSEEEE AALLSSOO login(1), passwd(1), getpass(3), passwd(5) Wayne Patterson, _M_a_t_h_e_m_a_t_i_c_a_l _C_r_y_p_t_o_l_o_g_y _f_o_r _C_o_m_p_u_t_e_r _S_c_i_e_n_t_i_s_t_s _a_n_d _M_a_t_h_e_m_a_t_i_c_i_a_n_s, ISBN 0-8476-7438-X, 1987. R. Morris, and Ken Thompson, "Password Security: A Case History", _C_o_m_m_u_n_i_c_a_t_i_o_n_s _o_f _t_h_e _A_C_M, vol. 22, pp. 594-597, Nov. 1979. M.E. Hellman, "DES will be Totally Insecure within Ten Years", _I_E_E_E _S_p_e_c_t_r_u_m, vol. 16, pp. 32-39, July 1979. HHIISSTTOORRYY A rotor-based ccrryypptt() function appeared in Version 6 AT&T UNIX. The cur- rent style ccrryypptt() first appeared in Version 7 AT&T UNIX. BBUUGGSS Dropping the _l_e_a_s_t significant bit in each character of the argument to ddeess__sseettkkeeyy() is ridiculous. The ccrryypptt() function leaves its result in an internal static object and returns a pointer to that object. Subsequent calls to ccrryypptt() will modi- fy the same object. 4.4BSD June 4, 1993 2