crypt(text,"k7")

I looked it up and apparently 'k7' is the salt, but I have no idea what that means nor what type of output will come from that, anyone know?

A: 

Wikipedia FTW

Bottom line: it one-way hashes text

Randolpho
+6  A: 

From the crypt Man page.

Description

crypt() is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.

key is a user's typed password.

salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.

Adam Matan
+1 for being accurate and managing to use the word 'perturb' in an actual sentence describing an algorithm...
Matthew Scharley
It should be given to the author of the man page, but thanks!
Adam Matan
+1  A: 

As Randolpho points out, it's a one-way hashing process for text.

The standard use for crypt() is in storing passwords. Obviously, storing the password as plaintext would be very ill advised. Instead, crypt() is used to generate a hash of the password. When you type in your password, crypt() is applied to that, and then the two hashes are compared.

Essentially, the function of crypt() is to translate the text into some new text, from which the original can never be recovered, but which has a low probability of generating the same hash for two different keys.

Dave Gamble
A: 

C Manual - Crypt

The crypt function takes a password, key, as a string, and a salt character array which is described below, and returns a printable ASCII string which starts with another salt. It is believed that, given the output of the function, the best way to find a key that will produce that output is to guess values of key until the original value of key is found.

Paul Janaway
+3  A: 

All the other answers are correct, but so far no one has explained why the salt is there.

Wikipedia has a good page on salts and Rainbow Tables, which are the main reason why we have salts.

Without salt, crypt is basically just a one-way hashing function. It would take in a password and return a hashed version of that password. Rainbow tables provide an optimized method for defeating the "one-way" nature of this hash, and backing out the original password.

If you manage to get the hashed passwords (via some database exploit, or access to the /etc/passwd or /etc/shadow file), you could theoretically know a lot of people's passwords.

A salt adds an extra "random" factor to the mix. You need to create a random salt and store that somewhere (with the password is ok, but separate is better). Now one set of rainbow tables isn't enough; you suddenly need 65,536 sets of such tables (in the case of a two-byte salt). The salt could also be kept separate from the password, adding an extra hurdle.

Salts also help prevent users with the same passwords from looking like they have the same password; the salt is usually randomly selected, and if the salts are different then the hashed passwords will be dramatically different.

I'll also point out this blog entry explaining some password basics, which I found very informative.

Chris Arguin
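The store-and-verify flow that Dave Gamble describes, the two-character salt from [a-zA-Z0-9./] that Adam Matan quotes from the man page, and the "same password, different salt, different hash" property from Chris Arguin's answer, pulled together in one added example (it is not code from any of the answers above). Assumptions: PBKDF2-HMAC-SHA256 from `hashlib` stands in for the DES-based crypt(3) algorithm, since the Python `crypt` module is deprecated in 3.11 and removed in 3.13; the function names `hash_password`, `verify_password`, `random_salt` and `salt_space_size`, the iteration count, and the sample passwords are all constructed for this illustration. Like crypt(3), the stored string starts with the salt so the verifier can recover it.

```python
import hashlib
import hmac
import secrets
import string

# Alphabet of the classic crypt(3) salt: [a-zA-Z0-9./], 64 symbols.
SALT_ALPHABET = string.ascii_letters + string.digits + "./"
SALT_LEN = 2          # classic crypt(3) uses a two-character salt
ITERATIONS = 200_000  # PBKDF2 work factor (assumed value; tune for your hardware)


def salt_space_size(length: int = SALT_LEN) -> int:
    """Number of distinct salts: 64 symbols raised to the salt length (4096 for two chars).

    This is also how many precomputed tables an attacker would need instead of one."""
    return len(SALT_ALPHABET) ** length


def random_salt(length: int = SALT_LEN) -> str:
    """Pick a salt with a CSPRNG; never derive it from the password or a counter."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def hash_password(password: str, salt: str) -> str:
    """Return salt + hex digest, mirroring crypt(3)'s habit of prefixing the salt.

    PBKDF2-HMAC-SHA256 is a stand-in for DES-crypt (assumption, see lead-in)."""
    if len(salt) != SALT_LEN or any(c not in SALT_ALPHABET for c in salt):
        raise ValueError("salt must be %d chars from [a-zA-Z0-9./]" % SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS)
    return salt + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the salt taken from the stored string; compare in constant time.

    The plaintext is never stored, only re-hashed at login and compared."""
    salt = stored[:SALT_LEN]
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample: the question's salt "k7" and a made-up password.
    stored = hash_password("correct horse", "k7")
    print("stored value:", stored)
    print("login with right password:", verify_password("correct horse", stored))
    print("login with wrong password:", verify_password("wrong horse", stored))
    # Same password under a second (constructed) salt yields an unrelated hash,
    # so two users sharing a password do not share a stored value.
    print("same password, salt Q2 differs:", hash_password("correct horse", "Q2") != stored)
    print("distinct two-char salts:", salt_space_size())
```

The stored string is safe to keep in a table alongside the user name; what matters is that the salt is random per user and that the comparison is recomputed with the stored salt rather than a fresh one.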