CRYPT(3) BSD Programmer's Manual CRYPT(3)
crypt, setkey, encrypt, des_setkey, des_cipher - DES encryption
*crypt(const char *key, const char *setting);
encrypt(char *block, int flag);
des_setkey(const char *key);
des_cipher(const char *in, char *out, long salt, int count);
The crypt function performs password encryption. It is derived from the
NBS Data Encryption Standard. Additional code has been added to deter
key search attempts. The first argument to crypt is a NUL-terminated
string (normally a password typed by a user). The second is a character
array, 9 bytes in length, consisting of an underscore (``_'') followed by
4 bytes of iteration count and 4 bytes of salt. Both the iteration count
and the salt are encoded with 6 bits per character, least significant
bits first. The values 0 to 63 are encoded by the characters ``./0-9A-
The salt is used to induce disorder in to the DES algorithm in one of
16777216 possible ways (specifically, if bit i of the salt is set then
bits i and i+24 are swapped in the DES ``E'' box output). The key is di-
vided into groups of 8 characters (a short final group is null-padded)
and the low-order 7 bits of each character (56 bits per group) are used
to form the DES key as follows: the first group of 56 bits becomes the
initial DES key. For each additional group, the XOR of the group bits
and the encryption of the DES key with itself becomes the next DES key.
Then the final DES key is used to perform count cumulative encryptions of
a 64-bit constant. The value returned is a NUL-terminated string, 20
bytes in length, consisting of the setting followed by the encoded 64-bit
For compatibility with historical versions of crypt(3), the setting may
consist of 2 bytes of salt, encoded as above, in which case an iteration
count of 25 is used, fewer perturbations of DES are available, at most 8
characters of key are used, and the returned value is a NUL-terminated
string 13 bytes in length.
The functions, encrypt(), setkey(), des_setkey() and des_cipher() allow
limited access to the DES algorithm itself. The key argument to setkey()
is a 64 character array of binary values (numeric 0 or 1). A 56-bit key
is derived from this array by dividing the array into groups of 8 and ig-
noring the last bit in each group.
The encrypt() argument block is also a 64 character array of binary val-
ues. If the value of flag is 0, the argument block is encrypted, other-
wise it is decrypted. The encryption or decryption is returned in the
original array block after using the key specified by setkey() to process
The des_setkey() and des_cipher() functions are faster but less portable
than setkey() and encrypt(). The argument to des_setkey() is a character
array of length 8. The least significant bit in each character is ig-
nored and the next 7 bits of each character are concatenated to yield a
56-bit key. The function des_cipher() encrypts (or decrypts if count is
negative) the 64-bits stored in the 8 characters at in using abs(3) of
count iterations of DES and stores the 64-bit result in the 8 characters
at out. The salt specifies perturbations to DES as described above.
The function crypt() returns a pointer to the encrypted value on success
and NULL on failure. The functions setkey(), encrypt(), des_setkey(),
and des_cipher() return 0 on success and 1 on failure. Historically, the
functions setkey() and encrypt() did not return any value. They have
been provided return values primarily to distinguish implementations
where hardware support is provided but not available or where the DES en-
cryption is not available due to the usual political silliness.
login(1), passwd(1), getpass(3), passwd(5)
Wayne Patterson, Mathematical Cryptology for Computer Scientists and
Mathematicians, ISBN 0-8476-7438-X, 1987.
R. Morris, and Ken Thompson, "Password Security: A Case History",
Communications of the ACM, vol. 22, pp. 594-597, Nov. 1979.
M.E. Hellman, "DES will be Totally Insecure within Ten Years", IEEE
Spectrum, vol. 16, pp. 32-39, July 1979.
A rotor-based crypt() function appeared in Version 6 AT&T UNIX. The cur-
rent style crypt() first appeared in Version 7 AT&T UNIX.
Dropping the least significant bit in each character of the argument to
des_setkey() is ridiculous.
The crypt() function leaves its result in an internal static object and
returns a pointer to that object. Subsequent calls to crypt() will modi-
fy the same object.
4.4BSD December 11, 1993 2