.\" Copyright (c) 1989, 1991 The Regents of the University of California.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" @(#)crypt.3 6.7.1.1 (Berkeley) 8/19/91
.Fn *crypt "const char *key" "const char *setting"
.Fn encrypt "char *block" "int flag"
.Fn des_setkey "const char *key"
.Fn des_cipher "const char *in" "char *out" "long salt" "int count"
performs password encryption.
Data Encryption Standard.
Additional code has been added to deter
string (normally a password typed by a user).
The second is a character array, 9 bytes in length, consisting of an
underscore (``_'') followed by 4 bytes of iteration count and 4 bytes
are encoded with 6 bits per character, least significant bits first.
The values 0 to 63 are encoded by the characters ``./0-9A-Za-z'',
is used to induce disorder in to the
is divided into groups of 8 characters (a short final group is null-padded)
and the low-order 7 bits of each each character (56 bits per group) are
used to form the DES key as follows: the first group of 56 bits becomes the
For each additional group, the XOR of the group bits and the encryption of
the DES key with itself becomes the next DES key.
Then the final DES key is used to perform
cumulative encryptions of a 64-bit constant.
string, 20 bytes in length, consisting
followed by the encoded 64-bit encryption.
For compatibility with historical versions of
may consist of 2 bytes of salt, encoded as above, in which case an
of 25 is used, fewer perturbations of
are used, and the returned value is a
string 13 bytes in length.
allow limited access to the
is a 64 character array of
binary values (numeric 0 or 1).
A 56-bit key is derived from this array by dividing the array
into groups of 8 and ignoring the last bit in each group.
is also a 64 character array of
is encrypted, otherwise it fails.
The encryption is returned in the original
functions are faster but less portable than
is a character array of length 8.
significant bit in each character is ignored and the next 7 bits of each
character are concatenated to yield a 56-bit key.
encrypts the 64-bits stored in the 8 characters at
and stores the 64-bit result in the 8 characters at
specifies perturbations to
returns a pointer to the encrypted value on success and NULL on failure.
return 0 on success and 1 on failure.
Historically, the functions
did not return any value.
They have been provided return values primarily to distinguish
implementations where hardware support is provided but not
available or where the DES encryption is not available due to the
usual political silliness.
.%T "Mathematical Cryptology for Computer Scientists and Mathematicians"
.%T "Password Security: A Case History"
.%J "Communications of the ACM"
.%T "DES will be Totally Insecure within Ten Years"
significant bit in each character of the argument to
function leaves its result in an internal static object and returns
a pointer to that object.
will modify the same object.