Provided by: manpages-dev_3.01-1_all bug

NAME

       crypt - password and data encryption

SYNOPSIS

       #define _XOPEN_SOURCE
       #include <unistd.h>

       char *crypt(const char *key, const char *salt);

       Link with -lcrypt.

DESCRIPTION

       crypt()  is  the password encryption function.  It is based on the Data
       Encryption Standard algorithm with  variations  intended  (among  other
       things)  to discourage use of hardware implementations of a key search.

       key is a user’s typed password.

       salt is a two-character string chosen from the set [azAZ09./].  This
       string  is used to perturb the algorithm in one of 4096 different ways.

       By taking the lowest 7 bits of each of the first  eight  characters  of
       the  key, a 56-bit key is obtained.  This 56-bit key is used to encrypt
       repeatedly a constant  string  (usually  a  string  consisting  of  all
       zeros).   The returned value points to the encrypted password, a series
       of 13 printable ASCII characters (the first  two  characters  represent
       the salt itself).  The return value points to static data whose content
       is overwritten by each call.

       Warning: The key space consists of 2**56 equal 7.2e16 possible  values.
       Exhaustive  searches  of  this  key  space are possible using massively
       parallel computers.  Software, such as  crack(1),  is  available  which
       will  search  the  portion  of this key space that is generally used by
       humans for passwords.  Hence, password selection  should,  at  minimum,
       avoid  common  words  and  names.   The use of a passwd(1) program that
       checks  for  crackable  passwords  during  the  selection  process   is
       recommended.

       The  DES  algorithm  itself  has a few quirks which make the use of the
       crypt() interface a very poor choice for anything other  than  password
       authentication.  If you are planning on using the crypt() interface for
       a cryptography project, don’t do it: get a good book on encryption  and
       one of the widely available DES libraries.

RETURN VALUE

       A  pointer  to  the  encrypted password is returned.  On error, NULL is
       returned.

ERRORS

       ENOSYS The crypt() function was not implemented,  probably  because  of
              U.S.A. export restrictions.

CONFORMING TO

       SVr4, 4.3BSD, POSIX.1-2001

NOTES

   Glibc Notes
       The  glibc2  version  of  this  function  has  the following additional
       features.  If salt is  a  character  string  starting  with  the  three
       characters  "$1$"  followed by at most eight characters, and optionally
       terminated by "$", then instead of using the  DES  machine,  the  glibc
       crypt function uses an MD5-based algorithm, and outputs up to 34 bytes,
       namely "$1$<salt>$<encoded>", where "<salt>" stands for  the  up  to  8
       characters following "$1$" in the salt, and "<encoded>" is a further 22
       characters.  The characters in "<salt>" and "<encoded>" are drawn  from
       the  set [azAZ09./].  The entire key is significant here (instead of
       only the first 8 bytes).

SEE ALSO

       login(1),     passwd(1),     encrypt(3),     getpass(3),     passwd(5),
       feature_test_macros(7)

COLOPHON

       This  page  is  part of release 3.01 of the Linux man-pages project.  A
       description of the project, and information about reporting  bugs,  can
       be found at http://www.kernel.org/doc/man-pages/.

                                  2001-12-23                          CRYPT(3)