DES vs. UNIX Crypt
Keywords: des,crypt,security
Versions:
According to the man page, crypt uses 25 rounds of DES for password hashing where the DES algorithm is "perturbed" by the salt.
This is what perturbed means:
Each round one half of the message (32 bits) is expanded to 48 bits. In normal DES these 48 bits are xor'ed with the round key and afterwards reduced back to 32 bits using the s-boxes. In the crypt modification the expanded 48 bits are permutated before being fed into the xor.
This is done by switching bits 0-11 with 24-35 if the corresponding bit in salt is set.
Or in C:
for (i = 0; i < 12; i++) if (salt[i]) { tmp = e[i]; e[i] = e[24 + i]; e[24 + i] = tmp; }(e = 48 bits after expansion; salt = 12 salt bits; each array entry represents one bit)
Or in VHDL:
salted <= ((e(24 to 35) and salt) or (e(0 to 11) and not salt)) & e(12 to 23) & ((e(0 to 11) and salt) or (e(24 to 35) and not salt)) & e(36 to 47);
Related notes for 'crypt':
Encrypted DVDs
Encrypted DVDs - mount / umount toggle script
Related notes for 'security':
Encrypted DVDs
Comments