.TH CRYPT 3C .SH NAME crypt, setkey, encrypt \- \s-1DES\s+1 encryption .SH SYNOPSIS .B char \(**crypt (key, salt) .br .B char \(**key, \(**salt; .PP .B setkey (key) .br .B char \(**key; .PP .B encrypt (block, edflag) .br .B char \(**block; .br .B int edflag; .SH DESCRIPTION .I Crypt\^ is the password encryption routine. It is based on the .SM NBS Data Encryption Standard (\s-1DES\s+1), with variations intended (among other things) to frustrate use of hardware implementations of the .SM DES for key search. .PP The first argument to .I crypt\^ is a user's typed password. The second is a 2-character string chosen from the set [\f3a-zA-Z0-9./\fP]; this .I salt\^ string is used to perturb the .SM DES algorithm in one of 4096 different ways, after which the password is used as the key to encrypt repeatedly a constant string. The returned value points to the encrypted password, in the same alphabet as the salt. The first two characters are the salt itself. .PP The .I setkey\^ and .I encrypt\^ entries provide (rather primitive) access to the actual .SM DES algorithm. The argument of .I setkey\^ is a character array of length 64 containing only the characters with numerical value 0 and 1. If this string is divided into groups of 8, the low-order bit in each group is ignored, leading to a 56-bit key which is set into the machine. .PP The argument to the .I encrypt\^ entry is likewise a character array of length 64 containing 0's and 1's. The argument array is modified in place to a similar array representing the bits of the argument after having been subjected to the .SM DES algorithm using the key set by .IR setkey . If .I edflag\^ is 0, the argument is encrypted; if non-zero, it is decrypted. .SH SEE ALSO login(1), passwd(1), getpass(3C), passwd(5). .SH BUGS The return value points to static data that are overwritten by each call.