-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                        UNIX                                 -
-       Programming Information and command summary for       - 
-       the 'crypt' function                                  -
-=============================================================-
-   Pilfered from a UNIX system and edited by BIOC Agent 003  -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                                CRYPT 1

NAME
----

crypt - encode/decode

SYNOPSIS
--------

crypt [ password ]

DESCRIPTION
-----------

     Crypt reads from the standard input and writes on the
standard output. The password is a key that selects a particular
transformation. If no password is given, crypt demands a key
from the terminal and turns off printing while the key is being
typed in. Crypt encrypts and decrypts with the same key:

crypt key <clear >cypher

crypt key <cypher | pr

will print the clear.

     Files encrypted by crypt are compatible with those treated
by the editor ed in encryption mode.

     The security of encrypted files depends on three factors:
the fundamental method must be hard to solve; direct search of
the key space must be infeasible; 'sneak paths' by which keys or
clear text can become visible must be minimized.

     Crypt implements a one-rotor machine designed along the
lines of the German Enigma, but with a 256-element rotor.
Methods of attack on such machines are known, but not widely;
moreover, the amount of work required is likely to be large.

     The transformation of a key into the internal settings of
the machine is deliberately designed to be expensive, i.e. to
take a substantial fraction of a second to compute. However, if
keys are restricted to three lower-case letters, then encrypted
files can be read by expending only a substantial fraction of
five minutes of machine time.

     Since the key is an argument to the crypt command, it is
potentially visible to users executing ps(1) or a derivative. To
minimize this possibility, crypt takes care to destroy any
record of the key immediately upon entry. The choice of keys and
key security are the most vulnerable aspect of crypt.

FILES
-----

/dev/tty       for typed keys

SEE ALSO
--------

ed(1), makekey(8)

BUGS
----

     If output is piped to nroff(1) and the encryption key is
not given on the command line, crypt can leave terminal modes in
a strange state (see stty(1) ).
---------------------------------------------------------------

                               CRYPT 3C

NAME
----

crypt, setkey, encrypt - DES encryption

SYNOPSIS
--------

char *crypt (key, salt)
char *key, *salt;

setkey (key)
char *key;

encrypt (block, edflag)
char *block;
int edflag;

DESCRIPTION
-----------

     Crypt is the password encryption routine. It is based on
the NBS Data Encryption Standard (DES), with variations intended
to frustrate use of implementations of the DES for key search.

     The first argument to crypt is a user's typed password.
The second is a 2-character string chosen from the set [a-z,
A-Z, 0-9, ., /]; this salt string is used to perturb the DES
algorithm in one of 4096 different ways, after which the
password is used as the key to encrypt repeatedly a constant
string. The returned value points to the encrypted password, in
the same alphabet as the salt. The first two characters are the
salt itself.

     The setkey and encrypt entries provide access to the actual
DES algorithm. The argument of setkey is a character array of
length 64 containing only the characters with numerical value 0
and 1. If this string is divided into groups of eight, the
low-order bit in each group is ignored, leading to a 56-bit key
which is set into the machine.

     The argument to the encrypt entry is likewise a character
array of length 64 containing 0's and 1's. The argument array is
modified in place to a similar array representing the bits of
the argument after having been subjected to the DES algorithm
using the key set by setkey. If edflag is 0, the argument is
encrypted; if non-zero, it is decrypted.
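
     An added example (not part of the original manual page) of
the array format setkey expects: it fills the 64-element 0/1
array from a typed password and collapses it to the 56-bit key.
The 7-bits-per-character fill, which mirrors historical crypt
implementations, and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fill the 64-element array of 0/1 values that setkey() takes.
 * Assumption: each of the first eight password characters supplies its
 * seven low bits, most significant first; the eighth slot of every
 * group (the low-order bit that setkey ignores) stays 0. */
void password_to_block(const char *pw, char block[64])
{
    memset(block, 0, 64);
    for (int i = 0; i < 8 && pw[i] != '\0'; i++)
        for (int j = 0; j < 7; j++)
            block[8 * i + j] = (pw[i] >> (6 - j)) & 1;
}

/* Collapse the array to the 56-bit key by skipping the low-order
 * (eighth) element of each group of eight. */
uint64_t block_to_key56(const char block[64])
{
    uint64_t key = 0;
    for (int i = 0; i < 64; i++)
        if (i % 8 != 7)
            key = (key << 1) | (uint64_t)(block[i] & 1);
    return key;
}

/* Effective 56-bit key selected by a typed password. */
uint64_t effective_key(const char *pw)
{
    char block[64];
    password_to_block(pw, block);
    return block_to_key56(block);
}

int main(void)
{
    /* Constructed sample passwords: they differ only after character 8. */
    printf("%014llx\n", (unsigned long long)effective_key("password1"));
    printf("%014llx\n", (unsigned long long)effective_key("password2"));
    return 0;
}
```

     Under the stated assumption both sample passwords print the
same key, because only eight characters of seven bits each fit
into the 56 key bits.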

SEE ALSO
--------

login(1), passwd(1), getpass(3C), passwd(5)

BUGS
----

     The return value points to static data that are overwritten
by each call.
---------------------------------------------------------------

                              MAKEKEY 8

NAME
----

makekey - generate encryption key

SYNOPSIS
--------

/usr/lib/makekey

DESCRIPTION
-----------

     Makekey improves the usefulness of encryption schemes
depending on a key by increasing the amount of time required to
search the key space. It reads 10 bytes from its standard input,
and writes 13 bytes on its standard output. The output depends
on the input in a way intended to be difficult to compute (i.e.,
to require a substantial fraction of a second).

     The first eight input bytes (the 'input key') can be
arbitrary ASCII characters. The last two (the salt) are best
chosen from the set of digits, ., /, and upper- and lower-case
letters. The salt characters are repeated as the first two
characters of the output. The remaining 11 output characters are
chosen from the same set as the salt and constitute the 'output
key'.

     The transformation performed is essentially the following:
the salt is used to select one of 4096 cryptographic machines
all based on the National Bureau of Standards DES algorithm, but
broken in 4096 different ways. Using the input key as key, a
constant string is fed into the machine and recirculated a
number of times. The 64 bits that come out are distributed into
the 66 output key bits in the result.

     Makekey is intended for programs that perform encryption
(e.g., ed(1) and crypt(1) ). Usually, its input and output will
be pipes.
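
     An added example (not part of the original manual pages)
that checks whether a string has the 13-character shape described
above for crypt(3C) and makekey output, which helps when auditing
passwd(5) fields for these legacy values. The alphabet ordering
./0-9A-Za-z, the placement of the two spare bits in the last
character, and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* The 64-character set named on the page. Assumption: numbered in the
 * order . / 0-9 A-Z a-z, so each character carries six bits. */
static const char SET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Six-bit value of c, or -1 if c is outside the set. */
static int six_bits(char c)
{
    const char *p = (c != '\0') ? strchr(SET, c) : NULL;
    return p ? (int)(p - SET) : -1;
}

/* Which of the 4096 variants a two-character salt selects (0..4095),
 * or -1 for an invalid salt. Assumption: first character is low bits. */
int salt_index(const char *s)
{
    int lo = six_bits(s[0]);
    int hi = (lo < 0) ? -1 : six_bits(s[1]);
    return (hi < 0) ? -1 : (hi << 6) | lo;
}

/* Return the salt index if h has the 13-character shape: 2 salt
 * characters plus 11 characters holding 64 bits in 66. Assumption: the
 * 2 spare bits are the low bits of the last character and are always 0.
 * Returns -1 if h does not fit. */
int classify_des_hash(const char *h)
{
    if (strlen(h) != 13)
        return -1;
    for (int i = 2; i < 13; i++)
        if (six_bits(h[i]) < 0)
            return -1;
    if (six_bits(h[12]) & 3)
        return -1;
    return salt_index(h);
}

int main(void)
{
    /* Constructed sample field values, not real password hashes. */
    const char *fields[] = { "ab0123456789.", "ab0123456789/", "*" };
    for (int i = 0; i < 3; i++)
        printf("%-14s -> %d\n", fields[i], classify_des_hash(fields[i]));
    return 0;
}
```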

SEE ALSO
--------

crypt(1), ed(1), passwd(5)
-------------------------------------------------------------
