Dear netlanders,
I am in the process of adding additional security measure to our system.
A requirement was the addition of a "system level password" which was not limited
to eight characters. In addition, I decided to require the password to live in
/etc/passwd and the encrypted password to look like the standard UN*X crypt. The
results of these requirements led me to write a function called "tcrypt()". The
algorithm basically follows the concepts of the DES algorithm, but is done in an
obviously non-DES fashion.
I am interested in receiving feedback on this algorithm either with it
faults, cycles, shortcomings or even it's good points. Any comments are welcome.
BTW, this function is public domain. If you like it, you may steal it,
put your name on it, or whatever you want.
--------- Function "tcrypt()" follows ---------
/*
* tcrypt - generate hashing encryption
* This function performs an encryption that produces hashed passwords that
* look like the ones produced by the UN*X DES algorithm. The major difference
* is that it allows input passwords of unlimited length (as opposed to the
* UN*X algorithm which only uses the first eight characters).
*
* SYNOPSIS:
* char *tcrypt (key, salt)
* char *key, *salt;
*/
# define tcrypt_char(a) (_tcrypt_char[((int)a)&63])
char _tcrypt_char[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
char *
tcrypt (key, salt)
char *key;
char *salt;
{
static char buff[14]; /* Buffer to hold encrypted password. */
char *pb; /* Pointer into buffer. */
char *pk; /* Pointer into key (unencrypted password). */
char tmp; /* Value from last encryption loop. */
char s; /* Alternates between first and second character of salt. */
int size_key; /* Length of the key. */
int count; /* Loop variable. */
/* Set up initial conditions. */
strcpy (buff, "Initial_value");
pk = key;
tmp = 0;
size_key = strlen(key);
/* Repeatedly encryt buffer. */
for (count=0; count < 100; count++) /* Re-encrypt passwd this many times. */
{ s = salt[count&1];
for (pb=buff; pb < buff+14; pb++)
{ tmp = *pb = tcrypt_char ( *pb + *pk + s + tmp + ((*pk + s) >> (1+(count&1))) + (pk-key) );
pk++;
if (pk >= key+size_key) pk = key;
}
}
/* Set first two characters to the salt, and terminate string. */
buff[0] = salt[0];
buff[1] = salt[1];
buff[13] = '\0';
return (buff);
}
--
/* My opinions... * Tony Ivanov MS-4B * ...ucbvax! */
/* shared by my company?!... * Grass Valley Group, Inc. * tektronix! */
/* you've got to be kidding! * P.O. Box 1114 * gvgpsa! */
/* "tony at gvgpvd.GVG.TEK.COM" * Grass Valley, CA 95945 * gvgpvd!tony */