The
crypt();
function performs password encryption based on the
NBS
Data Encryption Standard (DES).
Additional code has been added to deter key search attempts and to use
stronger hashing algorithms.
The first argument to
crypt();
is a
NUL
string, typically a user's typed password.
The second is in one of three forms:
if it begins with an underscore
("_")
then an extended format is used
in interpreting both the key and the setting, as outlined below.
If it begins
with a string character
("$")
and a number then a different algorithm is used depending on the number.
At the moment a
"$1"
chooses MD5 hashing and a
"$2"
chooses Blowfish hashing; see below for more information.
Extended crypt
The
key
is divided into groups of 8 characters (the last group is null-padded)
and the low-order 7 bits of each character (56 bits per group) are
used to form the DES key as follows:
the first group of 56 bits becomes the initial DES key.
For each additional group, the XOR of the encryption of the current DES
key with itself and the group bits becomes the next DES key.
The setting is a 9-character array consisting of an underscore followed
by 4 bytes of iteration count and 4 bytes of salt.
These are encoded as printable characters, 6 bits per character,
least significant character first.
The values 0 to 63 are encoded as
“\&./0-9A-Za-z”.
This allows 24 bits for both
count
and
salt.
"MD5" crypt
For
MD5
crypt the version number,
salt
and the hashed password are separated by the
"$"
character.
The maximum length of a password is limited by
the length counter of the MD5 context, which is about
2**64.
A valid MD5 password entry looks like this:
“$1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1”.
The whole MD5 password string is passed as
setting
for interpretation.
"Blowfish" crypt
The
Blowfish
version of crypt has 128 bits of
salt
in order to make building dictionaries of common passwords space consuming.
The initial state of the
Blowfish
cipher is expanded using the
salt
and the
password
repeating the process a variable number of rounds, which is encoded in
the password string.
The maximum password length is 72.
The final Blowfish password entry is created by encrypting the string
“OrpheanBeholderScryDoubt”
with the
Blowfish
state 64 times.
The version number, the logarithm of the number of rounds and
the concatenation of salt and hashed password are separated by the
"$"
character.
An encoded
ֲ’
would specify 256 rounds.
A valid Blowfish password looks like this:
“$2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC”.
The whole Blowfish password string is passed as
setting
for interpretation.
"Traditional" crypt
The first 8 bytes of the key are null-padded, and the low-order 7 bits of
each character is used to form the 56-bit
DES
key.
The setting is a 2-character array of the ASCII-encoded salt.
Thus only 12 bits of
salt
are used.
count
is set to 25.
DES Algorithm
The
salt
introduces disorder in the
DES
algorithm in one of 16777216 or 4096 possible ways
(i.e., with 24 or 12 bits: if bit
i
of the
salt
is set, then bits
i
and
i+24
are swapped in the
DES
E-box output).
The DES key is used to encrypt a 64-bit constant using
count
iterations of
DES.
The value returned is a
NUL
string, 20 or 13 bytes (plus NUL) in length, consisting of the
setting
followed by the encoded 64-bit encryption.
The functions
encrypt();,
setkey();,
des_setkey();,
and
des_cipher();
provide access to the
DES
algorithm itself.
setkey();
is passed a 64-byte array of binary values (numeric 0 or 1).
A 56-bit key is extracted from this array by dividing the
array into groups of 8, and ignoring the last bit in each group.
That bit is reserved for a byte parity check by DES, but is ignored
by these functions.
The
block
argument to
encrypt();
is also a 64-byte array of binary values.
If the value of
flag
is 0,
block
is encrypted otherwise it is decrypted.
The result is returned in the original array
block
after using the key specified by
setkey();
to process it.
The argument to
des_setkey();
is a character array of length 8.
The least significant bit (the parity bit) in each character is ignored,
and the remaining bits are concatenated to form a 56-bit key.
The function
des_cipher();
encrypts (or decrypts if
count
is negative) the 64-bits stored in the 8 characters at
in
using
abs(3)
of
count
iterations of
DES
and stores the 64-bit result in the 8 characters at
out
(which may be the same as
in)).
The
salt
specifies perturbations to the
DES
E-box output as described above.
The
crypt();,
setkey();,
and
des_setkey();
functions all manipulate the same key space.
RETURN VALUES
The function
crypt();
returns a pointer to the encrypted value on success, and
NULL
on failure.
The functions
setkey();,
encrypt();,
des_setkey();,
and
des_cipher();
return 0 on success and 1 on failure.
A rotor-based
crypt();
function appeared in
Version 3 AT&T UNIX.
The current style
crypt();
first appeared in
Version 7 AT&T UNIX.
This library (FreeSec 1.0) was developed outside the United States of America
as an unencumbered replacement for the U.S.-only libcrypt encryption
library.
Programs linked against the
crypt();
interface may be exported from the U.S.A. only if they use
crypt();
solely for authentication purposes and avoid use of
the other programmer interfaces listed above.
Special care has been taken
in the library so that programs which only use the
crypt();
interface do not pull in the other components.
AUTHORS
David Burren ‹davidb@werj.com.au›
BUGS
The
crypt();
function returns a pointer to static data, and subsequent calls to
crypt();
will modify the same object.