crypt

Notes

• Crypt is the unix/C cryptographic hash function
• Crypt takes two parameters
  • The palin text password to encrypt
  • A salt.
• This produces what is believed to be a one way mapping from the password and the salt to a string of n-bits that
  • The probability two different starting arguments ending up with the same output is 2^-n (2^-56, ≈ 1.4 x10^-17) or higher
  • In other words, passwords don't crypt (or hash) to the same value very often.
  • It is very difficult to find the password hashes to a given string
  • Small variations in the input have large variations in the output.
• The salt
  • Should contain a somewhat random set of characters.
  • Modern salts also contain parameters to the hash function.
• The salt
  • Changes the output of the function
  • This means that even if two users have the same password, their hash will be radically different.
  • We will look into the salt further in the future
• Let's try some programming
  • Edit firstCrypt.cpp
  • Start by including unistd.h

    #include &iostream>
    #include &unistd.h>
    
    using namespace std;
    
    int main() {
    
        return 0;
    }

  • Let's run crypt.
    • Declare a password string, string passwd{"hello"};
    • And a salt string salt{"ab"};
    • Declare hash as a string
    • Call crypt
    • Print it out

      int main() {
           string passwd{"hello"};
           string salt {"ab"};
      
           string hash;
      
           hash = crypt(passwd.c_str(), salt.c_str());
      
           cout << '"' << passwd << "\" along with \""
                << salt << "\" crypts to \"" << hash  << '"' << endl;
           cout << endl;
      
      
           return 0;
      }

    • You need to link this against the crypt library so create a Makefile with

      LDLIBS = -lcrypt
      all: firstCrypt 

    • I want to experiment some, so let's make that a function

      void DoCrypt(string passwd, string hash);
      ...
      void DoCrypt(string passwd, string salt){
           string hash;
      
           hash = crypt(passwd.c_str(), salt.c_str());
           cout << '"' << passwd << "\" along with \""
                << salt << "\" crypts to \"" << hash  << '"' << endl;
           cout << endl;
      }

    • Now we can call this from the main routine

      
      int main() {
           DoCrypt("Hello", "ab");
           return 0;
      }

    • Convince yourself that
      • The same password with the same salt produces the same hash
      • The same password with different salts produces different hashes
      • Minor variations in the password with the same salt produces different hashes.