
FreeBSD Manual Pages


CRYPT(3)		 BSD Library Functions Manual		      CRYPT(3)

     crypt, setkey, encrypt, des_setkey, des_cipher -- DES encryption

     #include <unistd.h>

     char *
     crypt(const char *key, const char *setting);

     int
     setkey(const char *key);

     int
     encrypt(char *block, int flag);

     int
     des_setkey(const char *key);

     int
     des_cipher(const char *in, char *out, long salt, int count);

     The crypt() function performs password encryption.  It is derived from
     the NBS Data Encryption Standard.  Additional code has been added to
     deter key search attempts.  The first argument to crypt() is a
     NUL-terminated string (normally a password typed by a user).  The second
     is a character array, 9 bytes in length, consisting of an underscore
     (``_'') followed by 4 bytes of iteration count and 4 bytes of salt.  Both
     the iteration count and the salt are encoded with 6 bits per character,
     least significant bits first.  The values 0 to 63 are encoded by the
     characters ``./0-9A-Za-z'', respectively.

     The salt is used to induce disorder into the DES algorithm in one of
     16777216 possible ways (specifically, if bit i of the salt is set then
     bits i and i+24 are swapped in the DES ``E'' box output).  The key is
     divided into groups of 8 characters (a short final group is null-padded)
     and the low-order 7 bits of each character (56 bits per group) are used
     to form the DES key as follows: the first group of 56 bits becomes the
     initial DES key.  For each additional group, the XOR of the group bits
     and the encryption of the DES key with itself becomes the next DES key.
     Then the final DES key is used to perform count cumulative encryptions of
     a 64-bit constant.  The value returned is a NUL-terminated string, 20
     bytes in length, consisting of the setting followed by the encoded 64-bit

     For compatibility with historical versions of crypt(3), the setting may
     consist of 2 bytes of salt, encoded as above, in which case an iteration
     count of 25 is used, fewer perturbations of DES are available, at most 8
     characters of key are used, and the returned value is a NUL-terminated
     string 13 bytes in length.
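
     The two setting formats described above (the 9-byte ``_'' form and the
     historical 2-byte form) can be decoded as follows.  This is an added
     example, not part of the original manual page or of libcrypt; the names
     des_setting, decode64 and parse_des_setting are hypothetical and the
     sample setting is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Alphabet from the page: values 0..63 map to "./0-9A-Za-z". */
static const char ITOA64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

struct des_setting {          /* hypothetical type for this example */
    uint32_t count;           /* DES iteration count */
    uint32_t salt;            /* 24-bit (extended) or 12-bit (historical) */
    int extended;             /* 1 for the "_" form, 0 for the 2-byte form */
};

/* Decode n characters, 6 bits each, least significant bits first. */
static int decode64(const char *s, size_t n, uint32_t *out)
{
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++) {
        const char *p = s[i] ? strchr(ITOA64, s[i]) : NULL;
        if (p == NULL)
            return -1;        /* early NUL or character outside the alphabet */
        v |= (uint32_t)(p - ITOA64) << (6 * i);
    }
    *out = v;
    return 0;
}

/* Returns 0 on success, -1 if the setting is malformed. */
int parse_des_setting(const char *setting, struct des_setting *r)
{
    if (setting == NULL || r == NULL)
        return -1;
    r->extended = (setting[0] == '_');
    if (r->extended)          /* "_" + 4 chars of count + 4 chars of salt */
        return (decode64(setting + 1, 4, &r->count) ||
                decode64(setting + 5, 4, &r->salt)) ? -1 : 0;
    r->count = 25;            /* historical form: fixed count, 2 chars of salt */
    return decode64(setting, 2, &r->salt);
}

int main(void)
{
    struct des_setting r;     /* "_J9..rasm" is a constructed sample setting */
    if (parse_des_setting("_J9..rasm", &r) == 0)
        printf("count=%u salt=%u\n", (unsigned)r.count, (unsigned)r.salt);
    return 0;
}
```

     Decoding the count this way lets an audit of stored password strings
     report which iteration count each one was created with.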

     The functions encrypt(), setkey(), des_setkey() and des_cipher() allow
     limited access to the DES algorithm itself.  The key argument to setkey()
     is a 64 character array of binary values (numeric 0 or 1).  A 56-bit key
     is derived from this array by dividing the array into groups of 8 and
     ignoring the last bit in each group.

     The encrypt() argument block is also a 64 character array of binary
     values.  If the value of flag is 0, the argument block is encrypted,
     otherwise it is decrypted.  The encryption or decryption is returned in
     the original array block after using the key specified by setkey() to
     process

     The des_setkey() and des_cipher() functions are faster but less portable
     than setkey() and encrypt().  The argument to des_setkey() is a character
     array of length 8.  The least significant bit in each character is
     ignored and the next 7 bits of each character are concatenated to yield a
     56-bit key.  The function des_cipher() encrypts (or decrypts if count is
     negative) the 64 bits stored in the 8 characters at in using abs(3) of
     count iterations of DES and stores the 64-bit result in the 8 characters
     at out.  The salt specifies perturbations to DES as described above.

     The function crypt() returns a pointer to the encrypted value on success
     and NULL on failure.  The functions setkey(), encrypt(), des_setkey(),
     and des_cipher() return 0 on success and 1 on failure.  Historically, the
     functions setkey() and encrypt() did not return any value.  They have
     been provided return values primarily to distinguish implementations
     where hardware support is provided but not available or where the DES
     encryption is not available due to the usual political silliness.

     Use of crypt() requires linking with the libcrypt library.  The setkey(),
     encrypt(), des_setkey() and des_cipher() can be found in the libcipher
     library (the standard C library, libc, only contains stubs to these rou-

     login(1), passwd(1), getpass(3), passwd(5)

     Wayne Patterson, Mathematical Cryptology for Computer Scientists and
     Mathematicians, ISBN 0-8476-7438-X, 1987.

     R. Morris and Ken Thompson, "Password Security: A Case History",
     Communications of the ACM, vol. 22, pp. 594-597, Nov. 1979.

     M.E. Hellman, "DES will be Totally Insecure within Ten Years", IEEE
     Spectrum, vol. 16, pp. 32-39, July 1979.

     A rotor-based crypt() function appeared in Version 6 AT&T UNIX.  The
     current style crypt() first appeared in Version 7 AT&T UNIX.

     Dropping the least significant bit in each character of the argument to
     des_setkey() is ridiculous.

     The crypt() function leaves its result in an internal static object and
     returns a pointer to that object.  Subsequent calls to crypt() will
     modify the same object.

BSD			       December	11, 1993			   BSD

