crypt(text,"k7")
I looked it up and apparently 'k7' is the salt, but I have no idea what that means nor what type of output will come from that, anyone know?
crypt(text,"k7")
I looked it up and apparently 'k7' is the salt, but I have no idea what that means nor what type of output will come from that, anyone know?
From the crypt Man page.
Description
crypt() is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.
key is a user's typed password.
salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.
As Randolpho points out, it's a one-way hashing process for text.
The standard use for crypt() is in storing passwords. Obviously, storing the password as plaintext would be very ill advised. Instead, crypt() is used to generate a hash of the password. When you type in your password, crypt() is applied to that, and then the two hashes are compared.
Essentially, the function of crypt() is to translate the text into some new text, from which the original can never be recovered, but which has a low probability of generating the same hash for two different keys.
The crypt function takes a password, key, as a string, and a salt character array which is described below, and returns a printable ASCII string which starts with another salt. It is believed that, given the output of the function, the best way to find a key that will produce that output is to guess values of key until the original value of key is found.
All the other answers are correct, but so far no one has explained why the salt is there.
Wikipedia has a good page on salts and Rainbow Tables, which are the main reason why we have salts.
Without salt, crypt is basically just a one-way hashing function. If would take in a password and return a hashed version of that password. Rainbow tables provide an optimized method for defeating the "one-way" nature of this hash, and backing out the original password.
If you manage to get the hashed passwords ( via some database exploit, or access to the /etc/passwd or /etc/shadow file ), you could theoretically know a lot of people's passwords.
A salt adds an extra "random" factor to the mix. You need to create a random salt and store that somewhere ( with the password is ok, but separate is better ). Now one set of rainbow tables isn't enough, you suddenly need 65,536 sets of such tables ( in the case of a two-byte salt ). The salt could also be kept separate from the password, adding an extra hurdle.
Salts also help prevent users with the same passwords looking like the have the same password; the salt is usually randomly selected, and if the salts are different then the hashed passwords will be dramatically different.
I'll also point out this blog entry explaining some password basics, which I found very informative.