anyone know about crypt(3)? Need info

[speicher at mitre.arpa]

crypt(3) uses an algorithm based on the DES.  Basically, the routine
encrypts a constant using the password as a key.  The question of
compatibility arises when it is possible to redefine this constant.
Some systems, SYSV comes to mind, allow you to redefine this constant
with the "setkey()" routine.  Typically, the constant is NULL.
The main difference that I know of between the standard implementation
of the DES and crypt(3) is that crypt encrypts the constant many times.
This was originally designed to make it difficult for "brute force"
crypt breakers, because potential passwords take a substantial amount
of CPU time to compute.  The passwords are never decrypted.  When the system
asks for a password, it encrypts the constant using the password as the
key.  It also uses a "salt" value.  This value shows up in the encrypted
string as the first two characters of that string.  According to the manual
entry for crypt(3), the salt is used to "perturb the hashing algorithm",
making it difficult for identical passwords to produce identical encrypted
strings.  When the password in "/etc/passwd" is created, the system clock
value at the time is sampled and "bit fiddled" to produce the salt.
The end result is that any password can be encrypted 4096 different ways.
I'm not aware that the Unix password encryption routines are in the
public domain.  However, I do have a copy of "des" that I got from
"comp.sources.unix".  I will mail you the shell archive.  By the way,
I personally don't trust the DES.  The last I heard, the analysis behind
the selection box matrix is still classified by NSA.  It's very possible
that there is a built in "trap door" to quickly decipher in case of national
emergency.  I don't like the idea of ANYONE having the keys to break an
encryption scheme that is in widespread use.


					Clay

speicher at mitre.arpa
"I am not Herbert"