Free Knowledge Resources


Linux Manual Pages


Free Software * Books

Source Code

Free Media

Linux

crypt(3)


NAME

   crypt, crypt_r - password and data encryption

SYNOPSIS

   #define _XOPEN_SOURCE       /* See feature_test_macros(7) */
   #include <unistd.h>

   char *crypt(const char *key, const char *salt);

   #define _GNU_SOURCE         /* See feature_test_macros(7) */
   #include <crypt.h>

   char *crypt_r(const char *key, const char *salt,
                 struct crypt_data *data);

   Link with -lcrypt.

DESCRIPTION

   crypt()  is  the password encryption function.  It is based on the Data
   Encryption Standard algorithm with  variations  intended  (among  other
   things) to discourage use of hardware implementations of a key search.

   key is a user's typed password.

   salt is a two-character string chosen from the set [a-zA-Z0-9./].  This
   string is used to perturb the algorithm in one of 4096 different ways.

   By taking the lowest 7 bits of each of the first  eight  characters  of
   the  key, a 56-bit key is obtained.  This 56-bit key is used to encrypt
   repeatedly a constant  string  (usually  a  string  consisting  of  all
   zeros).   The returned value points to the encrypted password, a series
   of 13 printable ASCII characters (the first  two  characters  represent
   the salt itself).  The return value points to static data whose content
   is overwritten by each call.

   Warning: the key space consists of 2**56 equal 7.2e16 possible  values.
   Exhaustive  searches  of  this  key  space are possible using massively
   parallel computers.  Software, such as  crack(1),  is  available  which
   will  search  the  portion  of this key space that is generally used by
   humans for passwords.  Hence, password selection  should,  at  minimum,
   avoid  common  words  and  names.   The use of a passwd(1) program that
   checks  for  crackable  passwords  during  the  selection  process   is
   recommended.

   The  DES  algorithm  itself  has a few quirks which make the use of the
   crypt() interface a very poor choice for anything other  than  password
   authentication.  If you are planning on using the crypt() interface for
   a cryptography project, don't do it: get a good book on encryption  and
   one of the widely available DES libraries.

   crypt_r()  is a reentrant version of crypt().  The structure pointed to
   by data is used to  store  result  data  and  bookkeeping  information.
   Other than allocating it, the only thing that the caller should do with
   this structure is to set data->initialized to  zero  before  the  first
   call to crypt_r().

RETURN VALUE

   On success, a pointer to the encrypted password is returned.  On error,
   NULL is returned.

ERRORS

   EINVAL salt has the wrong format.

   ENOSYS The crypt() function was not implemented,  probably  because  of
          U.S.A. export restrictions.

   EPERM  /proc/sys/crypto/fips_enabled   has  a  nonzero  value,  and  an
          attempt was made to use a weak encryption type, such as DES.

ATTRIBUTES

   For  an  explanation  of  the  terms  used   in   this   section,   see
   attributes(7).

   
   Interface  Attribute      Value                
   
   crypt()    Thread safety  MT-Unsafe race:crypt 
   
   crypt_r()  Thread safety  MT-Safe

CONFORMING TO

   crypt():  POSIX.1-2001, POSIX.1-2008, SVr4, 4.3BSD.  crypt_r() is a GNU
   extension.

NOTES

   Glibc notes
   The glibc2 version of  this  function  supports  additional  encryption
   algorithms.

   If  salt  is  a  character  string  starting with the characters "$id$"
   followed by a string terminated by "$":

          $id$salt$encrypted

   then instead of using the DES machine,  id  identifies  the  encryption
   method  used  and  this  then  determines  how the rest of the password
   string is interpreted.  The following values of id are supported:

          ID  | Method
          
          1   | MD5
          2a  | Blowfish (not in mainline glibc; added in some
              | Linux distributions)
          5   | SHA-256 (since glibc 2.7)
          6   | SHA-512 (since glibc 2.7)

   So   $5$salt$encrypted   is   an   SHA-256   encoded    password    and
   $6$salt$encrypted is an SHA-512 encoded one.

   "salt" stands for the up to 16 characters following "$id$" in the salt.
   The encrypted part of  the  password  string  is  the  actual  computed
   password.  The size of this string is fixed:

   MD5     | 22 characters
   SHA-256 | 43 characters
   SHA-512 | 86 characters

   The  characters  in  "salt"  and  "encrypted"  are  drawn  from the set
   [a-zA-Z0-9./].  In the MD5 and SHA implementations the  entire  key  is
   significant (instead of only the first 8 bytes in DES).

SEE ALSO

   login(1), passwd(1), encrypt(3), getpass(3), passwd(5)

COLOPHON

   This  page  is  part of release 4.09 of the Linux man-pages project.  A
   description of the project, information about reporting bugs,  and  the
   latest     version     of     this    page,    can    be    found    at
   https://www.kernel.org/doc/man-pages/.

                              2015-08-08                          CRYPT(3)



Opportunity


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.



Free Software


Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.

Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.



Free Books


The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.

Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.



Education


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.

Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.


birds banner