Name

crypt - password and data encryption

Library

libcrypt.lib

Synopsis

  #include <unistd.h>
  char * crypt (const char *key, const char *salt);

Return values

The crypt function returns a pointer to the encrypted value on success, and NULL on failure.


Detailed description

The crypt function performs password hashing with additional code added to thwart dictionary attacks. Different algorithms can be used for the hash. Currently the implementation supports the Data Encryption Standard (DES) and MD5 hash algorithms. The algorithm actually used in a given call to crypt depends on the salt parameter.

The first argument to crypt is the data to hash (usually a password), in a NULL-terminated string. The second is the salt, in one of two forms:

Modular
  If salt begins with the string "$digit$" then the Modular Crypt Format is used.
Traditional
  The salt parameter is a two-character string chosen from the set [a-zA-Z0-9./].

        Modular crypt:

If salt begins with the string "$digit$" then the Modular Crypt Format is used. The digit identifies the algorithm used for encryption. Currently the MD5 hash is implemented, so digit will be 1 and the second argument to this function will be a string beginning with "$1$", followed by at most 8 characters (the actual salt to be used in the encryption), and optionally terminated by "$". If the optional "$" is included, the characters following the dollar sign are ignored. The output of this operation will be a string containing 34 characters in the format "$1$<string>$".

"<string>" consists of the actual salt (the string of at most 8 characters following "$1$" in the salt), followed by 22 bytes of data from the set [a-zA-Z0-9./].

Other crypt formats may be easily added. An example salt would be:
$4$thesalt$rest

        Traditional crypt:

Traditional crypt is based on the Data Encryption Standard (DES) algorithm. The salt is a two-character string chosen from the set [a-zA-Z0-9./]. To thwart dictionary attacks, the two-character salt is used to perturb the algorithm in 4096 ways.

The 56-bit key for the DES algorithm is obtained by taking the lowest 7 bits of each of the first eight characters of the key. The key thus obtained is used to encrypt a constant string (a string containing all zeroes).

The return value of this function is a pointer to a static buffer, so the function is not reentrant.
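
The salt rules above decide which algorithm a call selects, and the traditional form uses only the low 7 bits of the first eight key characters. The following C code is an added example, not part of the original documentation or of libcrypt: it classifies a salt string by those rules and checks whether two keys reduce to the same DES key. The names salt_kind, salt_info, classify_salt and same_des_key are hypothetical, and the truncation and padding behaviour marked in the comments is assumed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper names; none of them is part of libcrypt. */
enum salt_kind { SALT_INVALID, SALT_DES, SALT_MD5, SALT_MODULAR_UNKNOWN };
struct salt_info { enum salt_kind kind; const char *salt; size_t len; };

/* Membership test for the salt alphabet on the page: [a-zA-Z0-9./] */
static int in_salt_set(char c)
{
    static const char set[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    return c != '\0' && strchr(set, c) != NULL;
}

/* Report which form a salt selects and where the actual salt lies. Assumption:
 * only the first two characters of a traditional salt are examined here. */
struct salt_info classify_salt(const char *salt)
{
    struct salt_info r = { SALT_INVALID, NULL, 0 };
    if (salt == NULL)
        return r;
    if (salt[0] == '$') {
        if (salt[1] < '0' || salt[1] > '9' || salt[2] != '$')
            return r;
        r.salt = salt + 3;
        r.len = strcspn(r.salt, "$");  /* text after a closing '$' is ignored */
        if (r.len > 8)
            r.len = 8;                 /* assumption: longer salts are cut to 8 */
        r.kind = salt[1] == '1' ? SALT_MD5 : SALT_MODULAR_UNKNOWN;
    } else if (in_salt_set(salt[0]) && in_salt_set(salt[1])) {
        r = (struct salt_info){ SALT_DES, salt, 2 };
    }
    return r;
}

/* Keys that agree on the low 7 bits of their first eight characters yield the
 * same DES key. Assumption: shorter keys are padded with zero bytes. */
int same_des_key(const char *a, const char *b)
{
    for (int i = 0; i < 8; i++) {
        if ((*a & 0x7f) != (*b & 0x7f))
            return 0;
        if (*a) a++;
        if (*b) b++;
    }
    return 1;
}
```

A caller can use classify_salt to refuse or flag salts that would select the traditional DES form, where same_des_key("password1", "password2") returns 1 because the ninth character never reaches the key.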


Example

#include <stdlib.h>
#include <unistd.h>

void crypt_user(void)
{
        char *p = NULL,
             *q = NULL;

        /* Invoke crypt() to perform password hashing */
        p = crypt("password", "S1");    /* p points to the hash of "password"
                                         * computed with "S1" as the salt. The
                                         * DES encryption algorithm is used in
                                         * this scenario.
                                         */
        q = crypt("password", "$1$Salt1");
                                        /* q points to the hash of "password"
                                         * as computed by the MD5 hash algorithm.
                                         */

        /* Both results live in static storage: check them for NULL and copy
         * them before calling crypt() again if they are needed later.
         */
        (void)p;
        (void)q;
}



Bugs

The output of crypt differs from that of Linux when NULL is passed as salt.

© 2008-2009 Nokia Corporation. All rights reserved. This documentation can be used in the connection with this Product to help and support the user.