The crypt function extracts seven bits from each character of the password, ignoring the parity bit, to form the 56-bit DES key. This implies that no more than eight characters are significant in the password. Next, one of the internal tables in the DES algorithm is permuted in one of 4,096 different ways depending on the value of the salt. The purpose of the salt is to make it more difficult to use DES chips or a precomputed list of encrypted passwords to attack the algorithm (although with current processor speeds and disk capacities, this deterrent is not as significant as it once was). The DES algorithm (with the modified table) is then invoked for 25 iterations on a block of zeros. The output of this encryption, which is 64 bits long, is then coerced into a 64-character alphabet (A-Z, a-z, 0-9, '.', and '/'). Because this coercion involves translations in which several different values are represented by the same character, password encryption is essentially one way; the result cannot be decrypted. The resulting string returned by crypt contains the two-character salt followed by the eleven-character coerced result of the encryption.
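The key and salt handling described above, as an added example that is not from the original page. It shows which passwords crypt treats as identical and how the stored string splits into salt and result, without performing the DES iterations. Function names are hypothetical, the alphabet ordering and salt bit order follow the traditional implementation and are assumptions beyond what the page states, and the sample stored string is constructed.

```python
# Added illustration of traditional crypt() key and salt handling.
# All function names are hypothetical; nothing here comes from a library.

# Assumption: ordering of the 64-character alphabet in traditional crypt
# (the page lists the characters but not their order).
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def effective_key(password: bytes) -> int:
    """Return the 56 key bits: low 7 bits of each of the first 8 bytes."""
    key = 0
    for byte in password[:8].ljust(8, b"\0"):   # bytes past the 8th are dropped
        key = (key << 7) | (byte & 0x7F)        # the high (parity) bit is ignored
    return key


def collide(a: bytes, b: bytes) -> bool:
    """True when crypt would derive the same DES key for both passwords."""
    return effective_key(a) == effective_key(b)


def salt_value(salt: str) -> int:
    """Decode the two salt characters to a 12-bit value (0..4095).

    Assumption: the first character carries the low six bits.
    """
    if len(salt) != 2 or any(c not in ALPHABET for c in salt):
        raise ValueError("salt must be two characters from the crypt alphabet")
    return ALPHABET.index(salt[0]) | (ALPHABET.index(salt[1]) << 6)


def split_crypt(stored: str) -> tuple[str, str]:
    """Split a 13-character crypt string into (salt, 11-character result)."""
    if len(stored) != 13 or any(c not in ALPHABET for c in stored):
        raise ValueError("not a traditional 13-character crypt string")
    return stored[:2], stored[2:]


if __name__ == "__main__":
    # Constructed inputs, not real credentials or real hashes.
    print(collide(b"password1", b"password2"))   # differ only after byte 8
    print(collide(b"caf\xe9", b"cafi"))          # differ only in the high bit
    print(salt_value("zz"))
    print(split_crypt("abABCDEFGHIJK"))
```

A password-policy or migration check can use `collide` to show users that characters beyond the eighth add nothing under this scheme.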