Описание тега crypt

crypt(3) is a Unix C library function used for hashing passwords. The crypt() function takes in a password and an optional salt string (chosen randomly if not supplied), and calculates a cryptographic message digest based on them. The digest includes the salt used to generate it, so that, when the user re-enters their password, the digest can be recalculated and compared with the previously stored value.

Despite its name, the crypt(3) function cannot actually be used to encrypt data; the transformation it implements is deliberately non-reversible, so that its output cannot be decrypted to recover the original password.

The "traditional" hashing algorithm used by the original Unix crypt(3) was based on a modified version of the DES block cipher, and only supported passwords of up to 8 characters, with 7 bits per character, and a two-character salt with 6 bits per character. This algorithm is nowadays considered insecure due to its limited keyspace and high speed, which allow an attacker using modern computers to test all possible passwords by brute force in a relatively short time. Nonetheless, most crypt(3) implementations still include it for the sake of backwards compatibility.

Most modern crypt(3) implementations include various alternative hashing algorithms, which typically support arbitrarily long passphrases, longer salts and adjustable iteration counts to deliberately slow down the digest calculation for key stretching. One well known example of such an algorithm is bcrypt, which is based on the Blowfish cipher.

Functions similar in name and purpose to (and possibly implemented by) the Unix crypt(3) function are also found in several high-level languages, including PHP, Perl and Python.

The crypt(3) function should not be confused with the Unix command line utility crypt(1), which is an obsolete and insecure file encryption utility. For a modern replacement, see mcrypt.