1.\" Copyright (c) 1989, 1991 The Regents of the University of California. 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" from: @(#)crypt.3 6.7 (Berkeley) 5/21/91 33.\" $Id: crypt.3,v 1.1 1993/10/07 01:36:22 cgd Exp $ 34.\" 35.Dd May 21, 1991 36.Dt CRYPT 3 37.Os 38.Sh NAME 39.Nm crypt , 40.Nm setkey , 41.Nm encrypt , 42.Nm des_setkey , 43.Nm des_cipher 44.Nd DES encryption 45.Sh SYNOPSIS 46.Ft char 47.Fn *crypt "const char *key" "const char *setting" 48.Ft int 49.Fn setkey "char *key" 50.Ft int 51.Fn encrypt "char *block" "int flag" 52.Ft int 53.Fn des_setkey "const char *key" 54.Ft int 55.Fn des_cipher "const char *in" "char *out" "long salt" "int count" 56.Sh DESCRIPTION 57The 58.Xr crypt 59function 60performs password encryption. 61It is derived from the 62.Tn NBS 63Data Encryption Standard. 64Additional code has been added to deter 65key search attempts. 66The first argument to 67.Nm crypt 68is 69a 70.Dv NUL Ns -terminated 71string (normally a password typed by a user). 72The second is a character array, 9 bytes in length, consisting of an 73underscore (``_'') followed by 4 bytes of iteration count and 4 bytes 74of salt. 75Both the iteration 76.Fa count 77and the 78.Fa salt 79are encoded with 6 bits per character, least significant bits first. 80The values 0 to 63 are encoded by the characters ``./0-9A-Za-z'', 81respectively. 82.Pp 83The 84.Fa salt 85is used to induce disorder in to the 86.Tn DES 87algorithm 88in one of 16777216 89possible ways 90(specifically, if bit 91.Em i 92of the 93.Ar salt 94is set then bits 95.Em i 96and 97.Em i+24 98are swapped in the 99.Tn DES 100``E'' box output). 101The 102.Ar key 103is divided into groups of 8 characters (a short final group is null-padded) 104and the low-order 7 bits of each each character (56 bits per group) are 105used to form the DES key as follows: the first group of 56 bits becomes the 106initial DES key. 107For each additional group, the XOR of the group bits and the encryption of 108the DES key with itself becomes the next DES key. 109Then the final DES key is used to perform 110.Ar count 111cumulative encryptions of a 64-bit constant. 112The value returned is a 113.Dv NUL Ns -terminated 114string, 20 bytes in length, consisting 115of the 116.Ar setting 117followed by the encoded 64-bit encryption. 118.Pp 119For compatibility with historical versions of 120.Xr crypt 3 , 121the 122.Ar setting 123may consist of 2 bytes of salt, encoded as above, in which case an 124iteration 125.Ar count 126of 25 is used, fewer perturbations of 127.Tn DES 128are available, at most 8 129characters of 130.Ar key 131are used, and the returned value is a 132.Dv NUL Ns -terminated 133string 13 bytes in length. 134.Pp 135The 136functions, 137.Fn encrypt , 138.Fn setkey , 139.Fn des_setkey 140and 141.Fn des_cipher 142allow limited access to the 143.Tn DES 144algorithm itself. 145The 146.Ar key 147argument to 148.Fn setkey 149is a 64 character array of 150binary values (numeric 0 or 1). 151A 56-bit key is derived from this array by dividing the array 152into groups of 8 and ignoring the last bit in each group. 153.Pp 154The 155.Fn encrypt 156argument 157.Fa block 158is also a 64 character array of 159binary values. 160If the value of 161.Fa flag 162is 0, 163the argument 164.Fa block 165is encrypted, otherwise it 166is decrypted. 167The encryption or decryption is returned in the original 168array 169.Fa block 170after using the 171key specified 172by 173.Fn setkey 174to process it. 175.Pp 176The 177.Fn des_setkey 178and 179.Fn des_cipher 180functions are faster but less portable than 181.Fn setkey 182and 183.Fn encrypt . 184The argument to 185.Fn des_setkey 186is a character array of length 8. 187The 188.Em least 189significant bit in each character is ignored and the next 7 bits of each 190character are concatenated to yield a 56-bit key. 191The function 192.Fn des_cipher 193encrypts (or decrypts if 194.Fa count 195is negative) the 64-bits stored in the 8 characters at 196.Fa in 197using 198.Xr abs 3 199of 200.Fa count 201iterations of 202.Tn DES 203and stores the 64-bit result in the 8 characters at 204.Fa out . 205The 206.Fa salt 207specifies perturbations to 208.Tn DES 209as described above. 210.Pp 211The function 212.Fn crypt 213returns a pointer to the encrypted value on success and NULL on failure. 214The functions 215.Fn setkey , 216.Fn encrypt , 217.Fn des_setkey , 218and 219.Fn des_cipher 220return 0 on success and 1 on failure. 221Historically, the functions 222.Fn setkey 223and 224.Fn encrypt 225did not return any value. 226They have been provided return values primarily to distinguish 227implementations where hardware support is provided but not 228available or where the DES encryption is not available due to the 229usual political silliness. 230.Sh SEE ALSO 231.Xr login 1 , 232.Xr passwd 1 , 233.Xr getpass 3 , 234.Xr passwd 5 235.sp 236.Rs 237.%T "Mathematical Cryptology for Computer Scientists and Mathematicians" 238.%A Wayne Patterson 239.%D 1987 240.%N ISBN 0-8476-7438-X 241.Re 242.Rs 243.%T "Password Security: A Case History" 244.%A R. Morris 245.%A Ken Thompson 246.%J "Communications of the ACM" 247.%V vol. 22 248.%P pp. 594-597 249.%D Nov. 1979 250.Re 251.Rs 252.%T "DES will be Totally Insecure within Ten Years" 253.%A M.E. Hellman 254.%J "IEEE Spectrum" 255.%V vol. 16 256.%P pp. 32-39 257.%D July 1979 258.Re 259.Sh HISTORY 260A rotor-based 261.Fn crypt 262function appeared in 263.At v6 . 264The current style 265.Fn crypt 266first appeared in 267.At v7 . 268.Sh BUGS 269Dropping the 270.Em least 271significant bit in each character of the argument to 272.Fn des_setkey 273is ridiculous. 274.Pp 275The 276.Fn crypt 277function leaves its result in an internal static object and returns 278a pointer to that object. 279Subsequent calls to 280.Fn crypt 281will modify the same object. 282