1 .\" $NetBSD: crypt.3,v 1.19 2005/08/16 10:10:16 drochner Exp $
3 .\" Copyright (c) 1989, 1991, 1993
4 .\" The Regents of the University of California. All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. Neither the name of the University nor the names of its contributors
15 .\" may be used to endorse or promote products derived from this software
16 .\" without specific prior written permission.
18 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 .\" @(#)crypt.3 8.2 (Berkeley) 12/11/93
41 .Nd password encryption
47 .Fn *crypt "const char *key" "const char *setting"
49 .Fn encrypt "char *block" "int flag"
51 .Fn des_setkey "const char *key"
53 .Fn des_cipher "const char *in" "char *out" "long salt" "int count"
56 .Fn setkey "const char *key"
61 performs password encryption.
62 The encryption scheme used by
64 is dependent upon the contents of the
65 .Dv NUL Ns -terminated
69 with a string character
71 and a number then a different algorithm is used depending on the number.
74 chooses MD5 hashing and a
76 chooses Blowfish hashing; see below for more information.
79 begins with the ``_'' character, DES encryption with a user specified number
80 of perturbations is selected.
83 begins with any other character, DES encryption with a fixed number
84 of perturbations is selected.
86 The DES encryption scheme is derived from the
88 Data Encryption Standard.
89 Additional code has been added to deter key search attempts and to use
90 stronger hashing algorithms.
91 In the DES case, the second argument to
93 is a character array, 9 bytes in length, consisting of an underscore (``_'')
94 followed by 4 bytes of iteration count and 4 bytes of salt.
99 are encoded with 6 bits per character, least significant bits first.
100 The values 0 to 63 are encoded by the characters ``./0-9A-Za-z'',
105 is used to induce disorder in to the
110 (specifically, if bit
123 is divided into groups of 8 characters (a short final group is null-padded)
124 and the low-order 7 bits of each character (56 bits per group) are
125 used to form the DES key as follows: the first group of 56 bits becomes the
127 For each additional group, the XOR of the group bits and the encryption of
128 the DES key with itself becomes the next DES key.
129 Then the final DES key is used to perform
131 cumulative encryptions of a 64-bit constant.
132 The value returned is a
133 .Dv NUL Ns -terminated
134 string, 20 bytes in length, consisting
137 followed by the encoded 64-bit encryption.
139 For compatibility with historical versions of
143 may consist of 2 bytes of salt, encoded as above, in which case an
146 of 25 is used, fewer perturbations of
148 are available, at most 8
151 are used, and the returned value is a
152 .Dv NUL Ns -terminated
153 string 13 bytes in length.
162 allow limited access to the
169 is a 64 character array of
170 binary values (numeric 0 or 1).
171 A 56-bit key is derived from this array by dividing the array
172 into groups of 8 and ignoring the last bit in each group.
178 is also a 64 character array of
185 is encrypted, otherwise it
187 The encryption or decryption is returned in the original
200 functions are faster but less portable than
206 is a character array of length 8.
209 significant bit in each character is ignored and the next 7 bits of each
210 character are concatenated to yield a 56-bit key.
213 encrypts (or decrypts if
215 is negative) the 64-bits stored in the 8 characters at
223 and stores the 64-bit result in the 8 characters at
227 specifies perturbations to
233 encryption scheme, the version number (in this case ``1''),
235 and the hashed password are separated
236 by the ``$'' character.
237 A valid password looks like this:
239 ``$1$2qGr5PPQ$eT08WBFev3RPLNChixg0H.''.
241 The entire password string is passed as
247 version of crypt has 128 bits of
249 in order to make building dictionaries of common passwords space consuming.
250 The initial state of the
252 cipher is expanded using the
256 repeating the process a variable number of rounds, which is encoded in
258 The maximum password length is 72.
259 The final Blowfish password entry is created by encrypting the string
261 .Dq OrpheanBeholderScryDoubt
267 The version number, the logarithm of the number of rounds and
268 the concatenation of salt and hashed password are separated by the
273 would specify 256 rounds.
274 A valid Blowfish password looks like this:
276 .Dq $2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC .
278 The whole Blowfish password string is passed as
284 returns a pointer to the encrypted value on success and NULL on failure.
291 return 0 on success and 1 on failure.
292 Historically, the functions
296 did not return any value.
297 They have been provided return values primarily to distinguish
298 implementations where hardware support is provided but not
299 available or where the DES encryption is not available due to the
300 usual political silliness.
310 .%T "Mathematical Cryptology for Computer Scientists and Mathematicians"
313 .%N ISBN 0-8476-7438-X
316 .%T "Password Security: A Case History"
319 .%J "Communications of the ACM"
325 .%T "DES will be Totally Insecure within Ten Years"
344 significant bit in each character of the argument to
350 function leaves its result in an internal static object and returns
351 a pointer to that object.
354 will modify the same object.