Path: utzoo!mnetor!uunet!husc6!cmcl2!brl-adm!adm!speicher@mitre.arpa
From: speicher@mitre.arpa
Newsgroups: comp.unix.wizards
Subject: RE: anyone know about crypt(3)? Need info
Message-ID: <12497@brl-adm.ARPA>
Date: 18 Mar 88 16:33:43 GMT
Sender: news@brl-adm.ARPA
Lines: 33

crypt(3) uses an algorithm based on the DES. Basically, the routine encrypts a constant using the password as a key. The question of compatibility arises when it is possible to redefine this constant. Some systems, SYSV comes to mind, allow you to redefine this constant with the "setkey()" routine. Typically, the constant is NULL.

The main difference that I know of between the standard implementation of the DES and crypt(3) is that crypt encrypts the constant many times. This was originally designed to make it difficult for "brute force" crypt breakers, because potential passwords take a substantial amount of CPU time to compute.

The passwords are never decrypted. When the system asks for a password, it encrypts the constant using the password as the key. It also uses a "salt" value. This value shows up in the encrypted string as the first two characters of that string. According to the manual entry for crypt(3), the salt is used to "perturb the hashing algorithm", making it difficult for identical passwords to produce identical encrypted strings. When the password in "/etc/passwd" is created, the system clock value at the time is sampled and "bit fiddled" to produce the salt. The end result is that any password can be encrypted 4096 different ways.

I'm not aware that the Unix password encryption routines are in the public domain. However, I do have a copy of "des" that I got from "comp.sources.unix". I will mail you the shell archive.

By the way, I personally don't trust the DES. The last I heard, the analysis behind the selection box matrix is still classified by NSA. It's very possible that there is a built-in "trap door" to quickly decipher in case of national emergency. I don't like the idea of ANYONE having the keys to break an encryption scheme that is in widespread use.

Clay
speicher@mitre.arpa
"I am not Herbert"
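
Added example, not part of the original post: a Python model of the scheme described above (a constant transformed many times under the password, a two-character salt stored at the front of the string, verification by re-encrypting and comparing). Iterated SHA-256 stands in for the DES-based transform, so the strings are not real crypt(3) output; `toy_crypt`, `salt_from_clock`, `check_password`, `distinct_encodings` and the clock fold are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# The 64-character salt alphabet used by crypt(3): each character carries 6 bits.
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SALT_SPACE = len(ALPHABET) ** 2   # two characters, 12 bits, 4096 values
ROUNDS = 25                       # traditional crypt(3) iterates DES 25 times

def salt_from_clock(clock=None):
    """Fold a clock sample to 12 bits and encode it as two salt characters."""
    t = int(time.time()) if clock is None else clock
    bits = (t ^ (t >> 12)) & 0xFFF   # constructed "bit fiddle", not the historical one
    return ALPHABET[bits & 0x3F] + ALPHABET[bits >> 6]

def toy_crypt(password, salt):
    """Return salt + 11 characters, the same 13-character layout as crypt(3)."""
    if len(salt) != 2 or any(c not in ALPHABET for c in salt):
        raise ValueError("salt must be two characters from the crypt alphabet")
    block = bytes(8)   # the constant being "encrypted": 64 zero bits
    for _ in range(ROUNDS):
        # Stand-in for one salted DES pass keyed by the password (assumption).
        data = salt.encode() + password.encode() + block
        block = hashlib.sha256(data).digest()[:8]
    n = int.from_bytes(block, "big") << 2   # pad 64 bits to 66 = 11 * 6
    body = "".join(ALPHABET[(n >> s) & 0x3F] for s in range(60, -1, -6))
    return salt + body

def check_password(candidate, stored):
    """Nothing is decrypted: re-encrypt under the stored salt and compare."""
    return hmac.compare_digest(toy_crypt(candidate, stored[:2]), stored)

def distinct_encodings(password):
    """Count the different stored strings one password can produce."""
    salts = (a + b for a in ALPHABET for b in ALPHABET)
    return len({toy_crypt(password, s) for s in salts})

if __name__ == "__main__":
    # Constructed sample: two accounts with the same password, different salts.
    alice = toy_crypt("wizard88", "ab")
    bob = toy_crypt("wizard88", salt_from_clock(574706023))
    print(alice, bob, alice != bob)
    print(check_password("wizard88", alice), check_password("Wizard88", alice))
    print(distinct_encodings("wizard88"), "stored forms for one password")
```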