Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ encrypt(3) — 386BSD 1.0

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

login(1)

passwd(1)

getpass(3)

passwd(5)

CRYPT(3)                  386BSD Programmer's Manual                  CRYPT(3)

NAME
     crypt, setkey, encrypt, dessetkey, descipher - DES encryption

SYNOPSIS
     char
     *crypt(const char *key, const char *setting)

     int
     setkey(char *key)

     int
     encrypt(char *block, int flag)

     int
     dessetkey(const char *key)

     int
     descipher(const char *in, char *out, long salt, int count)

DESCRIPTION
     The crypt function performs password encryption.  It is derived from the
     NBS Data Encryption Standard.  Additional code has been added to deter
     key search attempts.  The first argument to crypt is a NUL-terminated
     string (normally a password typed by a user).  The second is a character
     array, 9 bytes in length, consisting of an underscore (``_'') followed by
     4 bytes of iteration count and 4 bytes of salt.  Both the iteration count
     and the salt are encoded with 6 bits per character, least significant
     bits first.  The values 0 to 63 are encoded by the characters ``./0-9A-
     Za-z'', respectively.

     The salt is used to induce disorder in to the DES algorithm in one of
     16777216 possible ways (specifically, if bit i of the salt is set then
     bits i and i+24 are swapped in the DES ``E'' box output).  The key is
     divided into groups of 8 characters (a short final group is null-padded)
     and the low-order 7 bits of each each character (56 bits per group) are
     used to form the DES key as follows: the first group of 56 bits becomes
     the initial DES key.  For each additional group, the XOR of the group
     bits and the encryption of the DES key with itself becomes the next DES
     key.  Then the final DES key is used to perform count cumulative
     encryptions of a 64-bit constant.  The value returned is a NUL-terminated
     string, 20 bytes in length, consisting of the setting followed by the
     encoded 64-bit encryption.

     For compatibility with historical versions of crypt(3),  the setting may
     consist of 2 bytes of salt, encoded as above, in which case an iteration
     count of 25 is used, fewer perturbations of DES are available, at most 8
     characters of key are used, and the returned value is a NUL-terminated
     string 13 bytes in length.

     The functions, encrypt(), setkey(), dessetkey() and descipher() allow
     limited access to the DES algorithm itself.  The key argument to setkey()
     is a 64 character array of binary values (numeric 0 or 1).  A 56-bit key
     is derived from this array by dividing the array into groups of 8 and
     ignoring the last bit in each group.

     The encrypt() argument block is also a 64 character array of binary
     values.  If the value of flag is 0, the argument block is encrypted,
     otherwise it is decrypted.  The encryption or decryption is returned in
     the original array block after using the key specified by setkey() to
     process it.

     The dessetkey() and descipher() functions are faster but less portable
     than setkey() and encrypt().  The argument to dessetkey() is a character
     array of length 8.  The least significant bit in each character is
     ignored and the next 7 bits of each character are concatenated to yield a
     56-bit key.  The function descipher() encrypts (or decrypts if count is
     negative) the 64-bits stored in the 8 characters at in using abs(3) of
     count iterations of DES and stores the 64-bit result in the 8 characters
     at out. The salt specifies perturbations to DES as described above.

     The function crypt() returns a pointer to the encrypted value on success
     and NULL on failure.  The functions setkey(), encrypt(), dessetkey(),
     and descipher() return 0 on success and 1 on failure.  Historically, the
     functions setkey() and encrypt() did not return any value.  They have
     been provided return values primarily to distinguish implementations
     where hardware support is provided but not available or where the DES
     encryption is not available due to the usual political silliness.

SEE ALSO
     login(1),  passwd(1),  getpass(3),  passwd(5)


     Wayne Patterson, Mathematical Cryptology for Computer Scientists and
     Mathematicians, ISBN 0-8476-7438-X, 1987.

     R. Morris, and Ken Thompson, "Password Security: A Case History",
     Communications of the ACM, vol. 22, pp. 594-597, Nov. 1979.

     M.E. Hellman, "DES will be Totally Insecure within Ten Years", IEEE
     Spectrum, vol. 16, pp. 32-39, July 1979.

HISTORY
     A rotor-based crypt() function appeared in Version 6 AT&T UNIX.  The
     current style crypt() first appeared in Version 7 AT&T UNIX.

BUGS
     Dropping the least significant bit in each character of the argument to
     dessetkey() is ridiculous.

     The crypt() function leaves its result in an internal static object and
     returns a pointer to that object.  Subsequent calls to crypt() will
     modify the same object.

BSD Experimental                 May 21, 1991                                2


























Typewritten Software • bear@typewritten.org • Edmonds, WA 98026