Crypt (Unix)

crypt(1) is a Unix utility command, while crypt(3) is an unrelated standard library function. The (1) and (3) suffixes reflect a documentation convention among Unix writers, system administrators, programmers, and users, which disambiguates terms based on whether they are commands (documented in chapter (1) of the Unix man pages) or library functions (traditionally documented in chapter (3)).


Despite the similarity in names, the two are basically unrelated.

Command filter

crypt(1) is a simple command to encrypt or decrypt data. It is usually used as a filter, and it has traditionally been implemented using an algorithm based on the Enigma machine. It is considered far too cryptographically weak to provide any security against brute force attacks by modern, commodity personal computers.


Some versions of Unix shipped with an even weaker version of the crypt(1) command in order to comply with contemporaneous laws and regulations which limited the exportation of cryptographic software (for example by classifying it as munitions). Some of these were simply implementations of the Caesar cipher (effectively no more secure than ROT13, which is implemented as a Caesar cipher with a well-known key).


crypt(1) under Linux

Linux distributions generally do not include a Unix-compatible version of the crypt command. This is largely due to a combination of three major factors:

  1. crypt is relatively obscure and is rarely used for e-mail attachments or as a file format
  2. crypt is considered far too cryptographically weak to withstand brute force attacks by modern computing systems (Linux systems generally ship with GNU Privacy Guard, which is considered to be reasonably secure by modern standards)
  3. During the early years of Linux development and adoption there was some concern that, weak as the algorithm used by crypt was, it might still run afoul of ITAR's export controls; so mainstream distribution developers in the United States generally excluded it (and left their customers to fetch GnuPG/GPG or other strong cryptographic software from international sites, sometimes providing packages or scripts to automate that process).

The source code to the legacy version of the crypt command does not seem to be readily available and is apparently not included with the Heirloom Toolchest release of original Unix source code.


Enhanced symmetric encryption utilities are available for Linux (and should also be portable to any other Unix-like system), including mcrypt and ccrypt. While these provide support for much more sophisticated and modern algorithms, they can also be used to encrypt and decrypt files which are compatible with the traditional crypt(1) command by providing the correct command line switches and options.


Library Function

crypt(3) is the library function used to compute a password hash, which can be used to store user account passwords while keeping them relatively secure. Technically the name is a misnomer, since it is actually a cryptographic hash function. Traditionally it has been implemented using a simplified form of the DES algorithm. The user's password is truncated to eight characters, and those are coerced down to only 7 bits each; then a "salt" is randomly chosen and used to perturb these 56 bits into a DES key. That key is then used to "encrypt" a string of ASCII NUL characters, and the results are then encoded into a printable string (with the original "salt" also encoded and concatenated).


When a user attempts to authenticate, the password they propose is run through the same function (with the same "salt", now decoded). If the result from this purported password matches the one stored in the system, then the user is presumed to have used the same password.
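The input preparation described above, as an added example that is not part of the original article: it covers only how traditional crypt(3) reduces a password to 56 key bits and encodes a salt, not the DES step itself. The function names and sample passwords are constructed for illustration, and the 12-bit, two-character salt encoding is taken from the classic implementation rather than from the text.

```python
import secrets

# Alphabet crypt(3) uses for printable output: 6 bits per character.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def des_key_bytes(password: bytes) -> bytes:
    """Reduce a password to the 8-byte DES key block of traditional crypt(3).

    Only the first 8 bytes are used and only the low 7 bits of each survive.
    They sit in the top 7 bits of each key byte (DES ignores the low parity
    bit), which leaves 8 * 7 = 56 effective key bits.
    """
    raw = password[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)

def new_salt() -> str:
    """Pick a random 12-bit salt and encode it as two printable characters."""
    bits = secrets.randbits(12)
    return ITOA64[bits & 0x3F] + ITOA64[bits >> 6]

def same_des_hash_input(a: bytes, b: bytes) -> bool:
    """True when two passwords yield the same key, hence the same hash for any salt."""
    return des_key_bytes(a) == des_key_bytes(b)

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the article.
    pairs = [
        (b"correcthorse", b"correcthxyz"),  # differ only after byte 8
        (b"caf\xe9", b"cafi"),              # differ only in the dropped 8th bit
        (b"alpha", b"alphb"),               # differ within the 56 bits that count
    ]
    for a, b in pairs:
        print(a, b, "same key:", same_des_hash_input(a, b))
    print("example salt:", new_salt())
```

Any password policy layered on a DES-based crypt(3) is therefore bounded by these 56 bits, regardless of the length or character set the user typed.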


This is technically not encryption since the data (the ASCII NUL string) is not being kept secret; it's widely known to all in advance. However, one of the properties of DES is that it's very resistant to key recovery even in the face of known plaintext situations. It is theoretically possible that two different passwords could result in exactly the same hash. Thus the password is never "decrypted"; it is merely used to compute a result, and matching results are presumed to be proof that the passwords were "the same."


The advantage of this method has been that the hashed password can be stored in plain text and copied among Unix systems without the password itself being exposed to the system administrators or other users. This portability has worked for over 30 years across many generations of computing architecture, and across many versions of Unix from many vendors.


crypt(3) was originally chosen because DES was resistant to key recovery even in the face of "known plaintext" attacks, and because it was computationally expensive. On the earliest Unix machines it took over a full second to compute a password hash. This also made it reasonably resistant to dictionary attacks in that era. At that time password hashes were commonly stored in an account file (/etc/passwd) which was readable by anyone on the system. (This account file was also used to map user ID numbers into names, user names into full names, etc.)


In the three decades since that time, computers have become vastly more powerful. Moore's Law has generally held true, so the computer speed and capacity available for a given financial investment has doubled over 20 times since Unix was first written. This has long since left the crypt(3) function vulnerable to dictionary attacks, and Unix and Unix-like systems such as Linux have long used "shadow" files, migrating just the password hash values out of the account file (/etc/passwd) and into a file which can only be read by privileged processes (conventionally named /etc/shadow).


In addition, all modern versions of Unix now support an alternative crypt(3) algorithm which computes a password hash based on the MD5 algorithm. This allows users to have a password of any length, using any characters supported by their platform (not just 7-bit ASCII). (In practice, implementations of the software which call this function limit the password length, but they generally support passwords far longer than any human being would be willing to type.) Generally these newer implementations encode the MD5 hashes as printable strings starting with $1$, which the library function uses to select the algorithm for any given password hash. Thus a system can transparently support any mixture of old DES-based and new MD5 password hashes, even in the same account files. This, of course, allowed for a migration of old accounts to new password hashes, but has also proved useful in situations where user accounts must be migrated from legacy systems and their accounts merged.


crypt(3) under Linux

The GNU C Library used by almost all Linux distributions provides an implementation of the crypt function which can transparently manage both the traditional DES-based and MD5 hashing algorithms.
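The prefix-based selection described above can be used to audit an account file for entries still on the DES-based scheme. This is an added example, not code from the article or from glibc; the function names and the sample entries (including their hash values) are constructed, and the field lengths assumed are the usual ones: 13 characters for a DES-based hash, and $1$, a salt of up to 8 characters, $ and 22 characters for an MD5-based one.

```python
import re

B64 = r"[./0-9A-Za-z]"
# Traditional DES-based hash: 2 salt characters followed by 11 hash characters.
DES_RE = re.compile(rf"{B64}{{13}}")
# MD5-based hash: "$1$", up to 8 salt characters, "$", 22 hash characters.
MD5_RE = re.compile(rf"\$1\$({B64}{{0,8}})\${B64}{{22}}")

def classify(hash_field: str) -> str:
    """Name the scheme a stored password field uses, judged by its format."""
    if MD5_RE.fullmatch(hash_field):
        return "md5"
    if DES_RE.fullmatch(hash_field):
        return "des"
    if hash_field in ("", "x") or hash_field[0] in "*!":
        return "no-hash"   # empty, shadowed placeholder, or locked account
    return "other"         # a scheme this article does not cover

def audit(lines):
    """Return {user: scheme} for colon-separated account lines (user:hash:...)."""
    report = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0] and not fields[0].startswith("#"):
            report[fields[0]] = classify(fields[1])
    return report

def legacy_des_users(lines):
    """Users whose stored hash is still the 56-bit DES-based format."""
    return sorted(u for u, scheme in audit(lines).items() if scheme == "des")

# Constructed shadow-style entries; the hash strings are placeholders, not real hashes.
SAMPLE = [
    "alice:ab0123456789A:19000:0:99999:7:::",
    "bob:$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV:19000:0:99999:7:::",
    "carol:!:19000:0:99999:7:::",
    "dave:x:19000:0:99999:7:::",
]

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE).items():
        print(f"{user}: {scheme}")
    print("still on DES:", legacy_des_users(SAMPLE))
```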


The Wikipedia article included on this page is licensed under the GFDL.