CRYPT(3)		       Library functions		      CRYPT(3)

NAME
       crypt - password and data encryption

SYNOPSIS
       #define _XOPEN_SOURCE
       #include <unistd.h>

       char *crypt(const char *key, const char *salt);

DESCRIPTION
       crypt is the password encryption function.  It is based on the Data
       Encryption Standard algorithm with variations intended (among other
       things) to discourage use of hardware implementations of a key search.

       key is a user's typed password.

       salt is a two-character string chosen from the set [a-zA-Z0-9./].  This
       string is used to perturb the algorithm in one of 4096 different ways.

       By taking the lowest 7 bits of each of the first eight characters of
       the key, a 56-bit key is obtained.  This 56-bit key is used to encrypt
       repeatedly a constant string (usually a string consisting of all
       zeros).  The returned value points to the encrypted password, a series
       of 13 printable ASCII characters (the first two characters represent
       the salt itself).  The return value points to static data whose content
       is overwritten by each call.

       Warning: The key space consists of 2**56 (about 7.2e16) possible
       values.  Exhaustive searches of this key space are possible using
       massively parallel computers.  Software, such as crack(1), is available
       which will search the portion of this key space that is generally used
       by humans for passwords.  Hence, password selection should, at minimum,
       avoid common words and names.  The use of a passwd(1) program that
       checks for crackable passwords during the selection process is
       recommended.

       The DES algorithm itself has a few quirks which make the use of the
       crypt(3) interface a very poor choice for anything other than password
       authentication.  If you are planning on using the crypt(3) interface
       for a cryptography project, don't do it: get a good book on encryption
       and one of the widely available DES libraries.

RETURN VALUE
       A pointer to the encrypted password is returned.  On error, NULL is
       returned.

ERRORS
       ENOSYS The crypt function was not implemented, probably because of
              U.S.A. export restrictions.

GNU EXTENSION
       The glibc2 version of this function has the following additional
       features.  If salt is a character string starting with the three
       characters "$1$" followed by at most eight characters, and optionally
       terminated by "$", then instead of using the DES machine, the glibc
       crypt function uses an MD5-based algorithm, and outputs up to 34 bytes,
       namely "$1$<string>$", where "<string>" stands for the up to 8
       characters following "$1$" in the salt, followed by 22 bytes chosen
       from the set [a-zA-Z0-9./].  The entire key is significant here
       (instead of only the first 8 bytes).

       Programs using this function must be linked with -lcrypt.
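
       The following C program is an added example, not part of the original
       manual page or of any crypt implementation.  It shows why only the
       first eight 7-bit characters of key matter to the DES variant, and it
       classifies stored strings as DES or "$1$" MD5 by the layouts described
       above.  The names classify_hash and des_key56, the zero padding of
       short keys and the sample strings are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum scheme { SCHEME_UNKNOWN, SCHEME_DES, SCHEME_MD5 };

/* 1 if the n bytes at s all come from the page's set [a-zA-Z0-9./]. */
static int in_set(const char *s, size_t n) {
    static const char set[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    for (size_t i = 0; i < n; i++)
        if (s[i] == '\0' || strchr(set, s[i]) == NULL) return 0;
    return 1;
}

/* Classify a stored crypt() string by the two layouts the page describes. */
enum scheme classify_hash(const char *h) {
    if (strlen(h) == 13 && in_set(h, 13))
        return SCHEME_DES;                 /* 2 salt chars + 11 hash chars */
    if (strncmp(h, "$1$", 3) == 0) {
        const char *end = strchr(h + 3, '$');      /* '$' closing the salt */
        if (end != NULL && end - (h + 3) <= 8 &&
            strlen(end + 1) == 22 && in_set(end + 1, 22))
            return SCHEME_MD5;
    }
    return SCHEME_UNKNOWN;
}

/* Key material the DES variant uses: low 7 bits of the first 8 characters.
 * Assumptions of this example: short keys are zero-padded, and the packing
 * into one integer is only a convenient way to compare two keys. */
uint64_t des_key56(const char *key) {
    uint64_t k = 0;
    size_t len = strlen(key);
    for (size_t i = 0; i < 8; i++) {
        unsigned char c = i < len ? (unsigned char)key[i] : 0;
        k = (k << 7) | (uint64_t)(c & 0x7f);
    }
    return k;
}

int main(void) {
    /* Constructed sample strings; they are not hashes of any real password. */
    const char *rows[] = { "abJnggxhB/yWI", "$1$saltsalt$0123456789abcdefghijkl", "!" };
    for (size_t i = 0; i < 3; i++)
        printf("%-36s scheme=%d\n", rows[i], (int)classify_hash(rows[i]));
    printf("same DES key: %d\n", des_key56("password1") == des_key56("password2"));
    return 0;
}
```

       The program does not call crypt() itself, so it builds without -lcrypt.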

CONFORMING TO
       SVID, X/OPEN, BSD 4.3, POSIX 1003.1-2001

SEE ALSO
       login(1), passwd(1), encrypt(3), getpass(3), passwd(5)

				  2001-12-23			      CRYPT(3)
