crypt
Notes
- Read the man page for crypt
- This is useful and we will be back to it.
- For now, note the programming aspects.
- Crypt is the unix/C cryptographic hash function
- Crypt takes two parameters
- The plain text password to encrypt
- A salt.
- This produces what is believed to be a one-way mapping from the password and the salt to a string of n bits such that
- The probability that two different starting arguments end up with the same output is 2^-n (2^-56 ≈ 1.4 × 10^-17) or higher
- In other words, passwords don't crypt (or hash) to the same value very often.
- It is very difficult to find a password that hashes to a given string
- Small variations in the input have large variations in the output.
- The salt
- Should contain a somewhat random set of characters.
- Modern salts also contain parameters to the hash function.
- The salt
- Changes the output of the function
- This means that even if two users have the same password, their hash will be radically different.
- We will look into the salt further in the future
- Let's try some programming
- Edit firstCrypt.cpp
- Start by including unistd.h
```cpp
#include <iostream>
#include <unistd.h>   // the man page's header for crypt()
#include <crypt.h>    // current glibc/libxcrypt declare crypt() here, not in unistd.h
using namespace std;

int main() {
    return 0;
}
```
- Let's run crypt.
- Declare a password string,
```cpp
string passwd{"hello"};
```
- And a salt
```cpp
string salt{"ab"};
```
- Declare hash as a string
- Call crypt
- Print it out
```cpp
int main() {
    string passwd{"hello"};
    string salt{"ab"};
    string hash;
    const char* out = crypt(passwd.c_str(), salt.c_str());
    if (out == nullptr) {   // crypt() returns NULL (or a failure token) on an unusable setting string
        cerr << "crypt failed" << endl;
        return 1;
    }
    hash = out;
    cout << '"' << passwd << "\" along with \"" << salt << "\" crypts to \"" << hash << '"' << endl;
    cout << endl;
    return 0;
}
```
- You need to link this against the crypt library, so create a Makefile with
```makefile
LDLIBS = -lcrypt
all: firstCrypt
```
- I want to experiment some, so let's make that a function
```cpp
void DoCrypt(string passwd, string salt);   // prototype, before main

...

void DoCrypt(string passwd, string salt) {
    string hash;
    const char* out = crypt(passwd.c_str(), salt.c_str());
    if (out == nullptr) {   // crypt() returns NULL (or a failure token) on an unusable setting string
        cerr << "crypt failed for salt \"" << salt << '"' << endl;
        return;
    }
    hash = out;
    cout << '"' << passwd << "\" along with \"" << salt << "\" crypts to \"" << hash << '"' << endl;
    cout << endl;
}
```
- Now we can call this from the main routine
```cpp
int main() {
    DoCrypt("Hello", "ab");
    return 0;
}
```
- Convince yourself that
- The same password with the same salt produces the same hash
- The same password with different salts produces different hashes
- Minor variations in the password with the same salt produce different hashes.
- crypt can use different algorithms for the hash function
- I want to look at these, but first I would like to play with a few.
- In the notes section of the man page we see

| ID | Method  | Hash Length   | Salt Length |
|----|---------|---------------|-------------|
| 1  | MD5     | 22 characters | 8           |
| 5  | SHA-256 | 43 characters | 16          |
| 6  | SHA-512 | 86 characters | 16          |

- They tell us that if the salt starts with $id$ then the alternative method is used.
- Let's try an MD5 hash
- Add the following call to main
```cpp
DoCrypt("hello", "$1$abcdefghijklmnop$");
```
- Note the additional length of the hash
- Note that the additional characters in the salt are ignored
- We will look at MD5 in some detail soon.
- For SHA we can also add $id$rounds=nnnn$salt$
- where 1000 ≤ rounds ≤ 999,999,999
- The default is 5000.
- Let's try this.
- Add the following calls to main
```cpp
DoCrypt("hello", "$6$abcdefghijklmnop$");
DoCrypt("hello", "$6$rounds=5000$abcdefghijklmnop$");
DoCrypt("hello", "$6$rounds=5001$abcdefghijklmnop$");
DoCrypt("hello", "$6$rounds=7000$abcdefghijklmnop$");
```
- Note that the first two are the same. Why?
- Note that a different number of iterations (rounds) changes the hash
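- To make the $id$rounds=N$salt$ convention from the man page table concrete, here is an added example (not code from these notes) that parses a crypt setting string the way crypt() reads it: the id selects the method and hash length, the salt is cut at the method's maximum length (which is why the extra characters in "$1$abcdefghijklmnop$" are ignored), and a missing rounds= means the default 5000. It calls no crypt() function, so it builds without -lcrypt. The struct and function names (CryptSetting, ParseSetting, SameComputation) are this example's own.

```cpp
// Added example: parser for crypt(3) setting strings ($id$rounds=N$salt$ or a
// bare 2-character DES salt). Limits are those of the man page table in the
// notes: MD5 salt up to 8 chars, SHA-256/SHA-512 up to 16, rounds default 5000.
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

struct CryptSetting {
    std::string id;          // "" for traditional DES, otherwise "1", "5" or "6"
    std::string method;      // human-readable method name
    std::string salt;        // the salt crypt() will actually use
    long rounds;             // 0 where the method has no rounds parameter
    std::size_t hashLength;  // length of the encoded hash part of the output
};

// Parse a setting string as crypt() interprets it. Unknown ids and a rounds
// value outside 1000..999,999,999 (the range given in the notes) are rejected.
CryptSetting ParseSetting(const std::string& setting) {
    CryptSetting s{"", "DES", "", 0, 11};  // traditional DES: 2-char salt, 11-char hash
    std::string rest = setting;
    std::size_t maxSalt = 2;

    if (!setting.empty() && setting[0] == '$') {
        std::size_t idEnd = setting.find('$', 1);
        if (idEnd == std::string::npos)
            throw std::invalid_argument("setting has no closing '$' after the id");
        s.id = setting.substr(1, idEnd - 1);
        rest = setting.substr(idEnd + 1);

        if (s.id == "1")      { s.method = "MD5";     s.hashLength = 22; maxSalt = 8; }
        else if (s.id == "5") { s.method = "SHA-256"; s.hashLength = 43; maxSalt = 16; s.rounds = 5000; }
        else if (s.id == "6") { s.method = "SHA-512"; s.hashLength = 86; maxSalt = 16; s.rounds = 5000; }
        else throw std::invalid_argument("unknown crypt id: " + s.id);

        // Optional rounds=N$ prefix; only the SHA methods understand it.
        const std::string key = "rounds=";
        if ((s.id == "5" || s.id == "6") && rest.compare(0, key.size(), key) == 0) {
            std::size_t numEnd = rest.find('$');
            if (numEnd == std::string::npos)
                throw std::invalid_argument("rounds= has no terminating '$'");
            long n = std::stol(rest.substr(key.size(), numEnd - key.size()));
            if (n < 1000 || n > 999999999L)
                throw std::invalid_argument("rounds out of range: " + std::to_string(n));
            s.rounds = n;
            rest = rest.substr(numEnd + 1);
        }
    }

    // The salt runs up to the next '$' (or the end of the string) and is capped
    // at the method's maximum: any extra characters are silently ignored.
    std::size_t saltEnd = rest.find('$');
    if (saltEnd == std::string::npos) saltEnd = rest.size();
    s.salt = rest.substr(0, saltEnd).substr(0, maxSalt);
    return s;
}

// Two settings select the same computation when id, effective salt and rounds
// agree: "$6$salt$" and "$6$rounds=5000$salt$" are the same computation,
// "$6$rounds=5001$salt$" is not.
bool SameComputation(const std::string& a, const std::string& b) {
    CryptSetting x = ParseSetting(a);
    CryptSetting y = ParseSetting(b);
    return x.id == y.id && x.salt == y.salt && x.rounds == y.rounds;
}

int main() {
    // Constructed sample settings, the ones used in the notes above.
    const char* samples[] = {"ab", "$1$abcdefghijklmnop$",
                             "$6$rounds=5001$abcdefghijklmnop$"};
    for (const char* setting : samples) {
        CryptSetting s = ParseSetting(setting);
        std::cout << setting << " -> " << s.method << ", salt \"" << s.salt
                  << "\", rounds " << s.rounds << ", hash length " << s.hashLength << '\n';
    }
    return 0;
}
```

Running it shows the MD5 setting keeping only "abcdefgh" of its salt, and SameComputation answers the "Why?" above: without rounds= the parser fills in 5000, so the first two SHA-512 settings describe the same work.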
- Add a few SHA-512 hashes and note the length.
- Look at the output someone else produced. Is the hashed password the same?
- We will discuss weaknesses soon