crypt
Notes
- Crypt is the Unix/C cryptographic hash function
- Crypt takes two parameters
  - The plain text password to encrypt
  - A salt.
- This produces what is believed to be a one way mapping from the password and the salt to a string of n-bits that
  - The probability of two different starting arguments ending up with the same output is 2^-n (2^-56, ≈ 1.4 × 10^-17) or higher
    - In other words, passwords don't crypt (or hash) to the same value very often.
  - It is very difficult to find the password that hashes to a given string
  - Small variations in the input produce large variations in the output.
- The salt
  - Should contain a somewhat random set of characters.
  - Modern salts also contain parameters to the hash function.
- The salt
  - Changes the output of the function
  - This means that even if two users have the same password, their hash will be radically different.
  - We will look into the salt further in the future
- Let's try some programming
  - Edit firstCrypt.cpp
  - Start by including unistd.h

```cpp
#include <iostream>
#include <string>
#include <unistd.h>

using namespace std;

int main() {

    return 0;
}
```

- Let's run crypt.
  - Declare a password string,

```cpp
string passwd{"hello"};
```

  - And a salt

```cpp
string salt{"ab"};
```

  - Declare hash as a string
  - Call crypt
  - Print it out

```cpp
int main() {
    string passwd{"hello"};
    string salt{"ab"};
    string hash;

    // crypt returns a null pointer on failure; never build a string from it.
    const char *result = crypt(passwd.c_str(), salt.c_str());
    if (result == nullptr) {
        cerr << "crypt failed" << endl;
        return 1;
    }
    hash = result;

    cout << '"' << passwd << "\" along with \"" << salt
         << "\" crypts to \"" << hash << '"' << endl;
    cout << endl;

    return 0;
}
```

- You need to link this against the crypt library so create a Makefile with

```make
LDLIBS = -lcrypt

all: firstCrypt
```

- I want to experiment some, so let's make that a function

```cpp
void DoCrypt(string passwd, string salt);

// ...

void DoCrypt(string passwd, string salt) {
    string hash;

    // crypt returns a null pointer on failure; check before using the result.
    const char *result = crypt(passwd.c_str(), salt.c_str());
    if (result == nullptr) {
        cerr << "crypt failed" << endl;
        return;
    }
    hash = result;

    cout << '"' << passwd << "\" along with \"" << salt
         << "\" crypts to \"" << hash << '"' << endl;
    cout << endl;
}
```

- Now we can call this from the main routine

```cpp
int main() {
    DoCrypt("Hello", "ab");

    return 0;
}
```

- Convince yourself that
  - The same password with the same salt produces the same hash
  - The same password with different salts produces different hashes
  - Minor variations in the password with the same salt produce different hashes.
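The notes above say that modern salts also contain parameters to the hash function. The following is an added example, not part of the original notes: it splits a crypt(3) setting string into scheme id, optional rounds parameter and salt, assuming the `$id$[rounds=N$]salt` layout used by glibc-style crypt for ids 1, 5 and 6, plus the traditional two-character salt. `CryptSetting`, `ParseSetting` and the sample strings are constructed for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct CryptSetting {          // hypothetical type, not from the notes
    std::string scheme;        // "des" for a traditional salt, else the $id$ field
    long rounds = 0;           // cost parameter; 0 means the scheme default applies
    std::string salt;          // the random part
    bool valid = false;
};

CryptSetting ParseSetting(const std::string &setting) {
    CryptSetting out;
    if (setting.empty()) return out;
    if (setting[0] != '$') {   // traditional form: the first two characters are the salt
        if (setting.size() < 2) return out;
        out.scheme = "des";
        out.salt = setting.substr(0, 2);
        out.valid = true;
        return out;
    }
    // Modular form: $id$[rounds=N$]salt[$hash]; only ids 1, 5 and 6 are handled here.
    std::vector<std::string> fields;
    std::stringstream ss(setting.substr(1));
    for (std::string f; std::getline(ss, f, '$');) fields.push_back(f);
    if (fields.size() < 2) return out;
    out.scheme = fields[0];
    if (out.scheme != "1" && out.scheme != "5" && out.scheme != "6") return out;
    std::size_t next = 1;
    // Only the SHA-based ids (5 and 6) accept a rounds=N field before the salt.
    if (out.scheme != "1" && fields[next].rfind("rounds=", 0) == 0) {
        try { out.rounds = std::stol(fields[next].substr(7)); } catch (...) { return out; }
        if (++next >= fields.size()) return out;
    }
    out.salt = fields[next];
    out.valid = true;
    return out;
}

int main() {
    // Constructed sample settings, not taken from any real system.
    for (const std::string s : {"ab", "$6$rounds=10000$Zx9pQ2Lk$", "$5$Zx9pQ2Lk$"}) {
        CryptSetting c = ParseSetting(s);
        std::cout << s << " -> scheme=" << c.scheme << " rounds=" << c.rounds
                  << " salt=" << c.salt << " valid=" << c.valid << '\n';
    }
    return 0;
}
```

This block needs no `-lcrypt`; it only inspects the string, which is useful when checking which scheme and cost a stored hash was created with.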