1.\" $NetBSD: crypt.3,v 1.4 1997/04/18 06:32:16 mikel Exp $ 2.\" 3.\" Copyright (c) 1989, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the University of 17.\" California, Berkeley and its contributors. 18.\" 4. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" @(#)crypt.3 8.1.1.1 (Berkeley) 8/18/93 35.\" 36.Dd August 18, 1993 37.Dt CRYPT 3 38.Os 39.Sh NAME 40.Nm crypt , 41.Nm setkey , 42.Nm encrypt , 43.Nm des_setkey , 44.Nm des_cipher 45.Nd DES encryption 46.Sh SYNOPSIS 47.Fd #include <unistd.h> 48.Ft char 49.Fn *crypt "const char *key" "const char *setting" 50.Ft int 51.Fn setkey "const char *key" 52.Ft int 53.Fn encrypt "char *block" "int flag" 54.Ft int 55.Fn des_setkey "const char *key" 56.Ft int 57.Fn des_cipher "const char *in" "char *out" "long salt" "int count" 58.Sh DESCRIPTION 59The 60.Fn crypt 61function 62performs password encryption. 63It is derived from the 64.Tn NBS 65Data Encryption Standard. 66Additional code has been added to deter 67key search attempts. 68The first argument to 69.Nm crypt 70is 71a 72.Dv NUL Ns -terminated 73string (normally a password typed by a user). 74The second is a character array, 9 bytes in length, consisting of an 75underscore (``_'') followed by 4 bytes of iteration count and 4 bytes 76of salt. 77Both the iteration 78.Fa count 79and the 80.Fa salt 81are encoded with 6 bits per character, least significant bits first. 82The values 0 to 63 are encoded by the characters ``./0-9A-Za-z'', 83respectively. 84.Pp 85The 86.Fa salt 87is used to induce disorder in to the 88.Tn DES 89algorithm 90in one of 16777216 91possible ways 92(specifically, if bit 93.Em i 94of the 95.Ar salt 96is set then bits 97.Em i 98and 99.Em i+24 100are swapped in the 101.Tn DES 102``E'' box output). 103The 104.Ar key 105is divided into groups of 8 characters (a short final group is null-padded) 106and the low-order 7 bits of each character (56 bits per group) are 107used to form the DES key as follows: the first group of 56 bits becomes the 108initial DES key. 109For each additional group, the XOR of the group bits and the encryption of 110the DES key with itself becomes the next DES key. 111Then the final DES key is used to perform 112.Ar count 113cumulative encryptions of a 64-bit constant. 114The value returned is a 115.Dv NUL Ns -terminated 116string, 20 bytes in length, consisting 117of the 118.Ar setting 119followed by the encoded 64-bit encryption. 120.Pp 121For compatibility with historical versions of 122.Xr crypt 3 , 123the 124.Ar setting 125may consist of 2 bytes of salt, encoded as above, in which case an 126iteration 127.Ar count 128of 25 is used, fewer perturbations of 129.Tn DES 130are available, at most 8 131characters of 132.Ar key 133are used, and the returned value is a 134.Dv NUL Ns -terminated 135string 13 bytes in length. 136.Pp 137The 138functions 139.Fn encrypt , 140.Fn setkey , 141.Fn des_setkey 142and 143.Fn des_cipher 144allow limited access to the 145.Tn DES 146algorithm itself. 147The 148.Ar key 149argument to 150.Fn setkey 151is a 64 character array of 152binary values (numeric 0 or 1). 153A 56-bit key is derived from this array by dividing the array 154into groups of 8 and ignoring the last bit in each group. 155.Pp 156The 157.Fn encrypt 158argument 159.Fa block 160is also a 64 character array of 161binary values. 162If the value of 163.Fa flag 164is 0, 165the argument 166.Fa block 167is encrypted, otherwise it fails. 168The encryption is returned in the original 169array 170.Fa block 171after using the 172key specified 173by 174.Fn setkey 175to process it. 176.Pp 177The 178.Fn des_setkey 179and 180.Fn des_cipher 181functions are faster but less portable than 182.Fn setkey 183and 184.Fn encrypt . 185The argument to 186.Fn des_setkey 187is a character array of length 8. 188The 189.Em least 190significant bit in each character is ignored and the next 7 bits of each 191character are concatenated to yield a 56-bit key. 192The function 193.Fn des_cipher 194encrypts the 64-bits stored in the 8 characters at 195.Fa in 196using 197.Xr abs 3 198of 199.Fa count 200iterations of 201.Tn DES 202and stores the 64-bit result in the 8 characters at 203.Fa out . 204The 205.Fa salt 206specifies perturbations to 207.Tn DES 208as described above. 209.Pp 210The function 211.Fn crypt 212returns a pointer to the encrypted value on success and NULL on failure. 213The functions 214.Fn setkey , 215.Fn encrypt , 216.Fn des_setkey , 217and 218.Fn des_cipher 219return 0 on success and 1 on failure. 220Historically, the functions 221.Fn setkey 222and 223.Fn encrypt 224did not return any value. 225They have been provided return values primarily to distinguish 226implementations where hardware support is provided but not 227available or where the DES encryption is not available due to the 228usual political silliness. 229.Sh SEE ALSO 230.Xr login 1 , 231.Xr passwd 1 , 232.Xr getpass 3 , 233.Xr passwd 5 234.sp 235.Rs 236.%T "Mathematical Cryptology for Computer Scientists and Mathematicians" 237.%A Wayne Patterson 238.%D 1987 239.%N ISBN 0-8476-7438-X 240.Re 241.Rs 242.%T "Password Security: A Case History" 243.%A R. Morris 244.%A Ken Thompson 245.%J "Communications of the ACM" 246.%V vol. 22 247.%P pp. 594-597 248.%D Nov. 1979 249.Re 250.Rs 251.%T "DES will be Totally Insecure within Ten Years" 252.%A M.E. Hellman 253.%J "IEEE Spectrum" 254.%V vol. 16 255.%P pp. 32-39 256.%D July 1979 257.Re 258.Sh HISTORY 259A rotor-based 260.Fn crypt 261function appeared in 262.At v6 . 263The current style 264.Fn crypt 265first appeared in 266.At v7 . 267.Sh BUGS 268Dropping the 269.Em least 270significant bit in each character of the argument to 271.Fn des_setkey 272is ridiculous. 273.Pp 274The 275.Fn crypt 276function leaves its result in an internal static object and returns 277a pointer to that object. 278Subsequent calls to 279.Fn crypt 280will modify the same object. 281