Table of Contents
The
function performs password encryption. It is derived from the Data Encryption
Standard. Additional code has been added to deter key search attempts. The
first argument to is a string (normally a password typed by a user). The
second is a character array, 9 bytes in length, consisting of an underscore
(‘‘_’’) followed by 4 bytes of iteration count and 4 bytes of salt. Both the
iteration and the are encoded with 6 bits per character, least significant
bits first. The values 0 to 63 are encoded by the characters ‘‘./0-9A-Za-z’’, respectively.
The is used to induce disorder in to the algorithm in one of 16777216
possible ways (specifically, if bit of the is set then bits and are
swapped in the ‘‘E’’ box output). The is divided into groups of 8 characters
(a short final group is null-padded) and the low-order 7 bits of each character
(56 bits per group) are used to form the DES key as follows: the first
group of 56 bits becomes the initial DES key. For each additional group,
the XOR of the group bits and the encryption of the DES key with itself
becomes the next DES key. Then the final DES key is used to perform cumulative
encryptions of a 64-bit constant. The value returned is a string, 20 bytes
in length, consisting of the followed by the encoded 64-bit encryption.
For compatibility with historical versions of the may consist of 2 bytes
of salt, encoded as above, in which case an iteration of 25 is used, fewer
perturbations of are available, at most 8 characters of are used, and
the returned value is a string 13 bytes in length. The functions, and
allow limited access to the algorithm itself. The argument to is a 64
character array of binary values (numeric 0 or 1). A 56-bit key is derived
from this array by dividing the array into groups of 8 and ignoring the
last bit in each group. The argument is also a 64 character array of
binary values. If the value of is 0, the argument is encrypted, otherwise
it fails. The encryption is returned in the original array after using
the key specified by to process it. The and functions are faster but
less portable than and The argument to is a character array of length
8. The significant bit in each character is ignored and the next 7 bits
of each character are concatenated to yield a 56-bit key. The function encrypts
the 64-bits stored in the 8 characters at using of iterations of and
stores the 64-bit result in the 8 characters at The specifies perturbations
to as described above. The function returns a pointer to the encrypted
value on success and NULL on failure. The functions and return 0 on
success and 1 on failure. Historically, the functions and did not return
any value. They have been provided return values primarily to distinguish
implementations where hardware support is provided but not available or
where the DES encryption is not available due to the usual political silliness.
A rotor-based function appeared
in The current style first appeared in
Dropping the significant
bit in each character of the argument to is ridiculous. The function
leaves its result in an internal static object and returns a pointer to
that object. Subsequent calls to will modify the same object.
Table of Contents