Provided by: manpages-dev_2.17-1_all bug

NAME

       crypt - password and data encryption

SYNOPSIS

       #define _XOPEN_SOURCE
       #include <unistd.h>

       char *crypt(const char *key, const char *salt);

DESCRIPTION

       crypt()  is  the password encryption function.  It is based on the Data
       Encryption Standard algorithm with  variations  intended  (among  other
       things)  to discourage use of hardware implementations of a key search.

       key is a user’s typed password.

       salt is a two-character string chosen from the set [azAZ09./].  This
       string  is used to perturb the algorithm in one of 4096 different ways.

       By taking the lowest 7 bits of each of the first  eight  characters  of
       the  key, a 56-bit key is obtained.  This 56-bit key is used to encrypt
       repeatedly a constant  string  (usually  a  string  consisting  of  all
       zeros).   The returned value points to the encrypted password, a series
       of 13 printable ASCII characters (the first  two  characters  represent
       the salt itself).  The return value points to static data whose content
       is overwritten by each call.

       Warning: The key space consists of 2**56 equal 7.2e16 possible  values.
       Exhaustive  searches  of  this  key  space are possible using massively
       parallel computers.  Software, such as  crack(1),  is  available  which
       will  search  the  portion  of this key space that is generally used by
       humans for passwords.  Hence, password selection  should,  at  minimum,
       avoid  common  words  and  names.   The use of a passwd(1) program that
       checks  for  crackable  passwords  during  the  selection  process   is
       recommended.

       The  DES  algorithm  itself  has a few quirks which make the use of the
       crypt(3) interface a very poor choice for anything other than  password
       authentication.   If  you  are planning on using the crypt(3) interface
       for a cryptography project, don’t do it: get a good book on  encryption
       and one of the widely available DES libraries.

RETURN VALUE

       A  pointer  to  the  encrypted password is returned.  On error, NULL is
       returned.

ERRORS

       ENOSYS The crypt() function was not implemented,  probably  because  of
              U.S.A. export restrictions.

GNU EXTENSION

       The  glibc2  version  of  this  function  has  the following additional
       features.  If salt is  a  character  string  starting  with  the  three
       characters  "$1$"  followed by at most eight characters, and optionally
       terminated by "$", then instead of using the  DES  machine,  the  glibc
       crypt function uses an MD5-based algorithm, and outputs up to 34 bytes,
       namely  "$1$<string>$",  where  "<string>"  stands  for  the  up  to  8
       characters  following  "$1$"  in  the salt, followed by 22 bytes chosen
       from the  set  [azAZ09./].   The  entire  key  is  significant  here
       (instead of only the first 8 bytes).

       Programs using this function must be linked with -lcrypt.

CONFORMING TO

       SVID, X/OPEN, 4.3BSD, POSIX 1003.1-2001

SEE ALSO

       login(1), passwd(1), encrypt(3), getpass(3), passwd(5)

                                  2001-12-23                          CRYPT(3)