1.\" $NetBSD: crypt.3,v 1.2 1995/02/19 12:19:00 cgd Exp $ 2.\" 3.\" Copyright (c) 1989, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the University of 17.\" California, Berkeley and its contributors. 18.\" 4. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" @(#)crypt.3 8.1.1.1 (Berkeley) 8/18/93 35.\" 36.Dd August 18, 1993 37.Dt CRYPT 3 38.Os 39.Sh NAME 40.Nm crypt , 41.Nm setkey , 42.Nm encrypt , 43.Nm des_setkey , 44.Nm des_cipher 45.Nd DES encryption 46.Sh SYNOPSIS 47.Ft char 48.Fn *crypt "const char *key" "const char *setting" 49.Ft int 50.Fn setkey "char *key" 51.Ft int 52.Fn encrypt "char *block" "int flag" 53.Ft int 54.Fn des_setkey "const char *key" 55.Ft int 56.Fn des_cipher "const char *in" "char *out" "long salt" "int count" 57.Sh DESCRIPTION 58The 59.Xr crypt 60function 61performs password encryption. 62It is derived from the 63.Tn NBS 64Data Encryption Standard. 65Additional code has been added to deter 66key search attempts. 67The first argument to 68.Nm crypt 69is 70a 71.Dv NUL Ns -terminated 72string (normally a password typed by a user). 73The second is a character array, 9 bytes in length, consisting of an 74underscore (``_'') followed by 4 bytes of iteration count and 4 bytes 75of salt. 76Both the iteration 77.Fa count 78and the 79.Fa salt 80are encoded with 6 bits per character, least significant bits first. 81The values 0 to 63 are encoded by the characters ``./0-9A-Za-z'', 82respectively. 83.Pp 84The 85.Fa salt 86is used to induce disorder in to the 87.Tn DES 88algorithm 89in one of 16777216 90possible ways 91(specifically, if bit 92.Em i 93of the 94.Ar salt 95is set then bits 96.Em i 97and 98.Em i+24 99are swapped in the 100.Tn DES 101``E'' box output). 102The 103.Ar key 104is divided into groups of 8 characters (a short final group is null-padded) 105and the low-order 7 bits of each character (56 bits per group) are 106used to form the DES key as follows: the first group of 56 bits becomes the 107initial DES key. 108For each additional group, the XOR of the group bits and the encryption of 109the DES key with itself becomes the next DES key. 110Then the final DES key is used to perform 111.Ar count 112cumulative encryptions of a 64-bit constant. 113The value returned is a 114.Dv NUL Ns -terminated 115string, 20 bytes in length, consisting 116of the 117.Ar setting 118followed by the encoded 64-bit encryption. 119.Pp 120For compatibility with historical versions of 121.Xr crypt 3 , 122the 123.Ar setting 124may consist of 2 bytes of salt, encoded as above, in which case an 125iteration 126.Ar count 127of 25 is used, fewer perturbations of 128.Tn DES 129are available, at most 8 130characters of 131.Ar key 132are used, and the returned value is a 133.Dv NUL Ns -terminated 134string 13 bytes in length. 135.Pp 136The 137functions, 138.Fn encrypt , 139.Fn setkey , 140.Fn des_setkey 141and 142.Fn des_cipher 143allow limited access to the 144.Tn DES 145algorithm itself. 146The 147.Ar key 148argument to 149.Fn setkey 150is a 64 character array of 151binary values (numeric 0 or 1). 152A 56-bit key is derived from this array by dividing the array 153into groups of 8 and ignoring the last bit in each group. 154.Pp 155The 156.Fn encrypt 157argument 158.Fa block 159is also a 64 character array of 160binary values. 161If the value of 162.Fa flag 163is 0, 164the argument 165.Fa block 166is encrypted, otherwise it fails. 167The encryption is returned in the original 168array 169.Fa block 170after using the 171key specified 172by 173.Fn setkey 174to process it. 175.Pp 176The 177.Fn des_setkey 178and 179.Fn des_cipher 180functions are faster but less portable than 181.Fn setkey 182and 183.Fn encrypt . 184The argument to 185.Fn des_setkey 186is a character array of length 8. 187The 188.Em least 189significant bit in each character is ignored and the next 7 bits of each 190character are concatenated to yield a 56-bit key. 191The function 192.Fn des_cipher 193encrypts the 64-bits stored in the 8 characters at 194.Fa in 195using 196.Xr abs 3 197of 198.Fa count 199iterations of 200.Tn DES 201and stores the 64-bit result in the 8 characters at 202.Fa out . 203The 204.Fa salt 205specifies perturbations to 206.Tn DES 207as described above. 208.Pp 209The function 210.Fn crypt 211returns a pointer to the encrypted value on success and NULL on failure. 212The functions 213.Fn setkey , 214.Fn encrypt , 215.Fn des_setkey , 216and 217.Fn des_cipher 218return 0 on success and 1 on failure. 219Historically, the functions 220.Fn setkey 221and 222.Fn encrypt 223did not return any value. 224They have been provided return values primarily to distinguish 225implementations where hardware support is provided but not 226available or where the DES encryption is not available due to the 227usual political silliness. 228.Sh SEE ALSO 229.Xr login 1 , 230.Xr passwd 1 , 231.Xr getpass 3 , 232.Xr passwd 5 233.sp 234.Rs 235.%T "Mathematical Cryptology for Computer Scientists and Mathematicians" 236.%A Wayne Patterson 237.%D 1987 238.%N ISBN 0-8476-7438-X 239.Re 240.Rs 241.%T "Password Security: A Case History" 242.%A R. Morris 243.%A Ken Thompson 244.%J "Communications of the ACM" 245.%V vol. 22 246.%P pp. 594-597 247.%D Nov. 1979 248.Re 249.Rs 250.%T "DES will be Totally Insecure within Ten Years" 251.%A M.E. Hellman 252.%J "IEEE Spectrum" 253.%V vol. 16 254.%P pp. 32-39 255.%D July 1979 256.Re 257.Sh HISTORY 258A rotor-based 259.Fn crypt 260function appeared in 261.At v6 . 262The current style 263.Fn crypt 264first appeared in 265.At v7 . 266.Sh BUGS 267Dropping the 268.Em least 269significant bit in each character of the argument to 270.Fn des_setkey 271is ridiculous. 272.Pp 273The 274.Fn crypt 275function leaves its result in an internal static object and returns 276a pointer to that object. 277Subsequent calls to 278.Fn crypt 279will modify the same object. 280