CRYPT(3) Library functions CRYPT(3)
NAME
crypt - password and data encryption
SYNOPSIS
#define _XOPEN_SOURCE
#include <unistd.h>
char *crypt(const char *key, const char *salt);
DESCRIPTION
crypt is the password encryption function. It is based on
the Data Encryption Standard algorithm with variations
intended (among other things) to discourage use of
hardware implementations of a key search.
key is a user's typed password.
salt is a two-character string chosen from the set
[a-zA-Z0-9./]. This string is used to perturb the
algorithm in one of 4096 different ways.
By taking the lowest 7 bits of each of the first eight
characters of the key, a 56-bit key is obtained. This
56-bit key is used to repeatedly encrypt a constant string
(usually a string consisting of all zeros). The returned
value points to the encrypted password, a series of 13
printable ASCII characters (the first two characters
represent the salt itself). The return value points to
static data whose content is overwritten by each call.
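The key derivation and output format described above have two practical consequences for anyone auditing stored passwords, shown here as an added example that is not part of the original manual page. It assumes that only the first eight characters contribute (8 x 7 = 56) and that shorter keys are zero-padded; the function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Alphabet from the page: [a-zA-Z0-9./], 64 symbols, so 64 * 64 = 4096 salts. */
static int in_crypt_alphabet(char c)
{
    return c != '\0' && strchr(
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
        c) != NULL;
}

/* The 56 bits that actually reach DES: the lowest 7 bits of each of the
 * first 8 characters; shorter keys are zero-padded (assumption, see lead-in). */
void effective_key(const char *key, unsigned char out[8])
{
    size_t n = strlen(key);
    for (size_t i = 0; i < 8; i++)
        out[i] = (i < n) ? ((unsigned char)key[i] & 0x7f) : 0;
}

/* Returns 1 if traditional crypt() cannot tell the two passwords apart. */
int same_effective_key(const char *a, const char *b)
{
    unsigned char ka[8], kb[8];
    effective_key(a, ka);
    effective_key(b, kb);
    return memcmp(ka, kb, 8) == 0;
}

/* Returns 1 if a stored password field has the traditional shape:
 * exactly 13 characters (2 of salt, 11 of hash), all from the alphabet. */
int is_traditional_des_hash(const char *field)
{
    if (strlen(field) != 13)
        return 0;
    for (size_t i = 0; i < 13; i++)
        if (!in_crypt_alphabet(field[i]))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample values, not real credentials or hashes. */
    printf("%d\n", same_effective_key("correcthorse", "correcthXYZ"));
    printf("%d\n", same_effective_key("password", "passwore"));
    printf("%d\n", is_traditional_des_hash("ab0123456789."));
    printf("%d\n", is_traditional_des_hash("$6$salt$notdes"));
    return 0;
}
```

A password field that passes is_traditional_des_hash() is protected by at most the 56-bit key described here, whatever the length of the password the user typed.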
Warning: The key space consists of 2**56, or about 7.2e16,
possible values. Exhaustive searches of this key space are
possible using massively parallel computers. Software,
such as crack(1), is available which will search the
portion of this key space that is generally used by humans
for passwords. Hence, password selection should, at
minimum, avoid common words and names. The use of a
passwd(1) program that checks for crackable passwords
during the selection process is recommended.
The DES algorithm itself has a few quirks which make the
use of the crypt(3) interface a very poor choice for
anything other than password authentication. If you are
planning on using the crypt(3) interface for a
cryptography project, don't do it: get a good book on
encryption and one of the widely available DES libraries.
CONFORMING TO
SVID, X/OPEN, BSD 4.3
SEE ALSO
login(1), passwd(1), encrypt(3), getpass(3), passwd(5)
September 3, 1994