|
|
|
char *crypt(key, salt) char *key, *salt;
char *_crypt(key, salt) char *key, *salt;
setkey(key) char *key;
encrypt(block, edflag) char *block;
crypt() is the password encryption routine, based on the NBS Data Encryption Standard, with variations intended (among other things) to frustrate use of hardware implementations of the DES for key search.
The first argument to crypt() is normally a user's typed password. The second is a 2-character string chosen from the set [a-zA-Z0-9./]. Unless it starts with `##' or `#$', the salt string is used to perturb the DES algorithm in one of 4096 different ways, after which the password is used as the key to encrypt repeatedly a constant string. The returned value points to the encrypted password, in the same alphabet as the salt. The first two characters are the salt itself.
If the salt string starts with `##', pwdauth.3 is called. If pwdauth returns TRUE, the salt is returned from crypt. Otherwise, NULL is returned. If the salt string starts with `#$', grpauth (see pwdauth.3 is called. If grpauth returns TRUE, the salt is returned from crypt. Otherwise, NULL is returned. If there is a valid reason not to have this authentication happen, calling _crypt avoids authentication.
The setkey and encrypt entries provide (rather primitive) access to the DES algorithm. The argument of setkey is a character array of length 64 containing only the characters with numerical value 0 and 1. If this string is divided into groups of 8, the low-order bit in each group is ignored; this gives a 56-bit key which is set into the machine. This is the key that will be used with the above mentioned algorithm to encrypt or decrypt the string block with the function encrypt.
The argument to the encrypt entry is a character array of length 64 containing only the characters with numerical value 0 and 1. The argument array is modified in place to a similar array representing the bits of the argument after having been subjected to the DES algorithm using the key set by setkey. If edflag is zero, the argument is encrypted; if non-zero, it is decrypted.
The return value points to static data whose content is overwritten by each call.
|
|
|
Created by unroff & hp-tools. © somebody (See intro for details). All Rights Reserved. Last modified 11/5/97