.\" Copyright (c) 1989, 1991 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" %sccs.include.redist.man%
.\"
.\" @(#)crypt.3 6.6 (Berkeley) 05/18/91
.\"
.Dd
.Dt CRYPT 3
.Os
.Sh NAME
.Nm crypt ,
.Nm setkey ,
.Nm encrypt ,
.Nm des_setkey ,
.Nm des_cipher
.Nd DES encryption
.Sh SYNOPSIS
.Ft char
.Fn *crypt "const char *key" "const char *setting"
.Ft int
.Fn setkey "char *key"
.Ft int
.Fn encrypt "char *block" "int flag"
.Ft int
.Fn des_setkey "const char *key"
.Ft int
.Fn des_cipher "const char *in" "char *out" "long salt" "int count"
.Sh DESCRIPTION
The
.Xr crypt
function
performs password encryption.
It is derived from the
.Tn NBS
Data Encryption Standard.
Additional code has been added to deter
key search attempts.
The first argument to
.Nm crypt
is
a
.Dv NUL Ns -terminated
string (normally a password typed by a user).
The second is a character array, 9 bytes in length, consisting of an
underscore (``_'') followed by 4 bytes of iteration count and 4 bytes
of salt.
Both the iteration
.Fa count
and the
.Fa salt
are encoded as follows: only 6 bits per character are used, with the least
significant bits occurring first.
The values 0 to 63 are encoded by the characters ``./0-9A-Za-z'',
respectively.
The
.Fa salt
is used to induce disorder into the
.Tn DES
algorithm
in one of 16777216
possible ways
(specifically, if bit
.Em N
of the
.Ar salt
is set then bits
.Em N
and
.Em N+24
are swapped in the
.Tn DES
``E'' box output).
Then the
.Ar key
is used to perform
.Ar count
cumulative encryptions of a 64-bit constant.
The value returned is a character array, 20 bytes in length, consisting
of the
.Ar setting
followed by the encoded 64-bit encryption.
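.Pp
An added example, not part of the original manual page or the BSD sources: C code that decodes and builds the setting string described above, accepting both the 9-byte extended form and the historical 2-byte form.
The names decode6, make_setting and parse_setting, and any sample settings passed to them, are assumptions made for illustration.

```c
#include <string.h>

/* Alphabet from the page: values 0..63 map to "./0-9A-Za-z". */
static const char b64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Decode n characters, 6 bits each, least significant group first.
 * Returns -1 if a character is outside the alphabet. */
static long decode6(const char *s, int n)
{
    long v = 0;
    for (int i = 0; i < n; i++) {
        const char *p = s[i] ? strchr(b64, s[i]) : NULL;
        if (p == NULL)
            return -1;
        v |= (long)(p - b64) << (6 * i);
    }
    return v;
}

/* Build the 9-byte setting: '_' + 4 count chars + 4 salt chars.
 * make_setting is a hypothetical helper name, not a libc function. */
int make_setting(long count, long salt, char out[10])
{
    if (count < 0 || count > 0xffffff || salt < 0 || salt > 0xffffff)
        return -1;               /* each field holds 4 * 6 = 24 bits */
    out[0] = '_';
    for (int i = 0; i < 4; i++) {
        out[1 + i] = b64[(count >> (6 * i)) & 0x3f];
        out[5 + i] = b64[(salt >> (6 * i)) & 0x3f];
    }
    out[9] = '\0';
    return 0;
}

/* Parse either setting form; returns 0 on success, -1 if malformed. */
int parse_setting(const char *setting, long *count, long *salt)
{
    if (setting[0] == '_') {             /* extended form */
        if (strlen(setting) < 9)
            return -1;
        *count = decode6(setting + 1, 4);
        *salt = decode6(setting + 5, 4);
    } else {                             /* historical 2-byte salt */
        if (strlen(setting) < 2)
            return -1;
        *count = 25;
        *salt = decode6(setting, 2);
    }
    return (*count < 0 || *salt < 0) ? -1 : 0;
}
```

Because the returned value begins with the setting, parse_setting can be run over stored values to find entries still using the historical form (count fixed at 25, at most 8 key characters).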
.Pp
For compatibility with historical versions of
.Xr crypt 3 ,
the
.Ar setting
may consist of 2 bytes of salt, encoded as above, in which case an
iteration
.Ar count
of 25 is used, fewer perturbations of
.Tn DES
are available, at most 8
characters of
.Ar key
are used, and the returned value is a character array 13 bytes in length.
.Pp
The
functions
.Fn encrypt ,
.Fn setkey ,
.Fn des_setkey
and
.Fn des_cipher
allow limited access to the
.Tn DES
algorithm itself.
The
.Ar key
argument to
.Fn setkey
is a 64 character array of
.Tn ASCII
binary values (0 or 1).
A 56-bit key is derived from this array by dividing the string
into groups of 8 and ignoring the last bit in each group.
.Pp
The
.Fn encrypt
argument
.Fa block
is also a 64 character array of
.Tn ASCII
binary values.
If the value of
.Fa flag
is 0,
the argument
.Fa block
is encrypted, otherwise it
is decrypted.
The encryption or decryption is returned in the original
array
.Fa block
after using the
key specified
by
.Fn setkey
to process it.
.Pp
The
.Fn des_setkey
and
.Fn des_cipher
functions are faster but less portable than
.Fn setkey
and
.Fn encrypt .
The argument to
.Fn des_setkey
is a character array of length 8.
The
.Em least
significant bit in each character is ignored and the next 7 bits of each
character are concatenated to yield a 56-bit key.
The function
.Fn des_cipher
encrypts (or decrypts if
.Fa count
is negative) the 64 bits stored in the 8 characters at
.Fa in
using
.Xr abs 3
of
.Fa count
iterations of
.Tn DES
and stores the 64-bit result in the 8 characters at
.Fa out .
The
.Fa salt
specifies perturbations to
.Tn DES
as described above.
.Pp
The function
.Fn crypt
returns a pointer to the encrypted value on success and NULL on failure.
The functions
.Fn setkey ,
.Fn encrypt ,
.Fn des_setkey ,
and
.Fn des_cipher
return 0 on success and 1 on failure.
Historically, the functions
.Fn setkey
and
.Fn encrypt
did not return any value.
They have been provided return values primarily to distinguish
implementations where hardware support is provided but not
available or where the DES encryption is not available due to the
usual political silliness.
.Sh SEE ALSO
.Xr login 1 ,
.Xr passwd 1 ,
.Xr getpass 3 ,
.Xr passwd 5
.sp
.Rs
.%T "Mathematical Cryptology for Computer Scientists and Mathematicians"
.%A Wayne Patterson
.%D 1987
.%N ISBN 0-8476-7438-X
.Re
.Rs
.%T "Password Security: A Case History"
.%A R. Morris
.%A Ken Thompson
.%J "Communications of the ACM"
.%V vol. 22
.%P pp. 594-597
.%D Nov. 1979
.Re
.Rs
.%T "DES will be Totally Insecure within Ten Years"
.%A M.E. Hellman
.%J "IEEE Spectrum"
.%V vol. 16
.%P pp. 32-39
.%D July 1979
.Re
.Sh HISTORY
A rotor-based
.Fn crypt
function appeared in
.At v6 .
The current style
.Fn crypt
first appeared in
.At v7 .
.Sh BUGS
Dropping the
.Em least
significant bit in each character of the argument to
.Fn des_setkey
is ridiculous.
.Pp
The
.Fn crypt
function leaves its result in an internal static object and returns
a pointer to that object.
Subsequent calls to
.Fn crypt
will modify the same object.