What does crypt() do in C?

5

5
crypt(text,"k7")

I looked it up and apparently 'k7' is the salt, but I have no idea what that means nor what type of output will come from that. Anyone know?

Mammary answered 19/7, 2009 at 3:45 Comment(1)
-1 SO is not a replacement for man pages - Multiplex
12

From the crypt Man page.

Description

crypt() is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.

key is a user's typed password.

salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.

Sodium answered 19/7, 2009 at 3:50 Comment(2)
+1 for being accurate and managing to use the word 'perturb' in an actual sentence describing an algorithm... - Allegiance
It should be given to the author of the man page, but thanks! - Sodium
12

All the other answers are correct, but so far no one has explained why the salt is there.

Wikipedia has a good page on salts and Rainbow Tables, which are the main reason why we have salts.

Without salt, crypt is basically just a one-way hashing function. It would take in a password and return a hashed version of that password. Rainbow tables provide an optimized method for defeating the "one-way" nature of this hash, and backing out the original password.

If you manage to get the hashed passwords ( via some database exploit, or access to the /etc/passwd or /etc/shadow file ), you could theoretically know a lot of people's passwords.

A salt adds an extra "random" factor to the mix. You need to create a random salt and store that somewhere ( with the password is OK, but separate is better ). Now one set of rainbow tables isn't enough, you suddenly need 65,536 sets of such tables ( in the case of a two-byte salt ). The salt could also be kept separate from the password, adding an extra hurdle.

Salts also help prevent users with the same password from looking like they have the same password; the salt is usually randomly selected, and if the salts are different then the hashed passwords will be dramatically different.

I'll also point out this blog entry explaining some password basics, which I found very informative.

Keyway answered 19/7, 2009 at 6:42 Comment(1)
@VladimirF, do you mean the word 'salt' in this answer? - Alemanni
1

As Randolpho points out, it's a one-way hashing process for text.

The standard use for crypt() is in storing passwords. Obviously, storing the password as plaintext would be very ill advised. Instead, crypt() is used to generate a hash of the password. When you type in your password, crypt() is applied to that, and then the two hashes are compared.

Essentially, the function of crypt() is to translate the text into some new text, from which the original can never be recovered, but which has a low probability of generating the same hash for two different keys.

Lefebvre answered 19/7, 2009 at 3:52 Comment(0)
0

C Manual - Crypt

The crypt function takes a password, key, as a string, and a salt character array which is described below, and returns a printable ASCII string which starts with another salt. It is believed that, given the output of the function, the best way to find a key that will produce that output is to guess values of key until the original value of key is found.

Atonic answered 19/7, 2009 at 3:54 Comment(0)
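
As an added example (not from any of the posts above), the call from the question and the salt and verification behaviour the answers describe can be run through Ruby's String#crypt, which calls the same C library crypt(3). The helper names are made up for this example, and it assumes the platform's crypt(3) still supports the traditional two-character-salt scheme.

```ruby
require "securerandom"

# The 64 characters a traditional crypt(3) salt may use: [a-zA-Z0-9./]
SALT_CHARS = [*"a".."z", *"A".."Z", *"0".."9", ".", "/"].freeze

# Hash a password with a two-character salt. String#crypt calls the
# C library's crypt(3), so this is crypt(text, "k7") from the question.
def des_crypt(password, salt)
  unless salt.length == 2 && salt.chars.all? { |c| SALT_CHARS.include?(c) }
    raise ArgumentError, "salt must be two characters from [a-zA-Z0-9./]"
  end
  password.crypt(salt)
end

# A stored hash is 13 characters: the 2-character salt, then 11 of digest.
def split_hash(stored)
  [stored[0, 2], stored[2..-1]]
end

# Compare every byte instead of stopping at the first difference.
def same_bytes?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Login check: re-hash the typed password with the salt read back from
# the stored hash, then compare the two hashes.
def verify(password, stored)
  return false unless stored.length == 13
  salt, = split_hash(stored)
  same_bytes?(des_crypt(password, salt), stored)
rescue ArgumentError
  false
end

# Fresh random salt for a new password (one of 64 * 64 = 4096 values).
def random_salt
  Array.new(2) { SALT_CHARS[SecureRandom.random_number(SALT_CHARS.size)] }.join
end

if __FILE__ == $PROGRAM_NAME
  stored = des_crypt("text", "k7") # constructed sample input
  puts "hash: #{stored} (salt #{split_hash(stored)[0]})"
  puts "correct password: #{verify('text', stored)}"
  puts "wrong password:   #{verify('Text', stored)}"
  puts "other salt:       #{des_crypt('text', random_salt)}"
  # Traditional DES crypt reads only the first 8 characters of the key.
  puts "8-char limit:     #{des_crypt('password1', 'k7') == des_crypt('password2', 'k7')}"
end
```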
-1

Wikipedia FTW

Bottom line: it one-way hashes text

Bosky answered 19/7, 2009 at 3:47 Comment(0)
