unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-4.1.3)
Page:
Section:
Apropos / Subsearch:
optional field

CRYPT(3)                   Library Functions Manual                   CRYPT(3)



NAME
       crypt, _crypt, setkey, encrypt - password and data encryption

SYNOPSIS
       char *crypt(key, salt)
       char *key, *salt;

       char *_crypt(key, salt)
       char *key, *salt;

       setkey(key)
       char *key;

       encrypt(block, edflag)
       char *block;

DESCRIPTION
       crypt()  is  the  password  encryption  routine,  based on the NBS Data
       Encryption Standard, with variations intended (among other  things)  to
       frustrate use of hardware implementations of the DES for key search.

       The first argument to crypt() is normally a user's typed password.  The
       second is a 2-character  string  chosen  from  the  set  [a-zA-Z0-9./].
       Unless  it starts with `##' or `#$', the salt string is used to perturb
       the DES algorithm in one of 4096 different ways, after which the  pass-
       word  is  used as the key to encrypt repeatedly a constant string.  The
       returned value points to the encrypted password, in the  same  alphabet
       as the salt.  The first two characters are the salt itself.

       If  the salt string starts with `##', pwdauth(3) is called.  If pwdauth
       returns TRUE, the salt is returned  from  crypt.   Otherwise,  NULL  is
       returned.    If   the  salt  string  starts  with  `#$',  grpauth  (see
       pwdauth(3)) is called.  If grpauth returns TRUE, the salt  is  returned
       from  crypt.   Otherwise, NULL is returned.  If there is a valid reason
       not to have this authentication happen, calling _crypt avoids authenti-
       cation.

       The setkey and encrypt entries provide (rather primitive) access to the
       DES algorithm.  The argument of setkey is a character array  of  length
       64  containing  only  the  characters with numerical value 0 and 1.  If
       this string is divided into groups of 8,  the  low-order  bit  in  each
       group  is  ignored;  this  gives  a  56-bit  key  which is set into the
       machine.  This is the key that will be used with  the  above  mentioned
       algorithm  to  encrypt  or  decrypt  the string block with the function
       encrypt.

       The argument to the encrypt entry is a character  array  of  length  64
       containing only the characters with numerical value 0 and 1.  The argu-
       ment array is modified in place to a  similar  array  representing  the
       bits  of  the argument after having been subjected to the DES algorithm
       using the key set by setkey.   If  edflag  is  zero,  the  argument  is
       encrypted; if non-zero, it is decrypted.

SEE ALSO
       login(1), passwd(1), getpass(3V), pwdauth(3), passwd(5)

BUGS
       The  return value points to static data whose content is overwritten by
       each call.



                                6 October 1987                        CRYPT(3)