Man page - crypt(3)
NAME
crypt, crypt_r - password and data encryption
SYNOPSIS
#define _XOPEN_SOURCE       /* See feature_test_macros(7) */
#include <unistd.h>
char *crypt(const char *key, const char *salt);

#define _GNU_SOURCE         /* See feature_test_macros(7) */
#include <crypt.h>
char *crypt_r(const char *key, const char *salt, struct crypt_data *data);

Link with -lcrypt.
DESCRIPTION
crypt() is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.
key is a user's typed password.
salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.
By taking the lowest 7 bits of each of the first eight characters of the key, a 56-bit key is obtained. This 56-bit key is used to encrypt repeatedly a constant string (usually a string consisting of all zeros). The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself). The return value points to static data whose content is overwritten by each call.
Warning: the key space consists of 2**56 = 7.2e16 possible values. Exhaustive searches of this key space are possible using massively parallel computers. Software such as crack(1) is available which will search the portion of this key space that is generally used by humans for passwords. Hence, password selection should, at minimum, avoid common words and names. The use of a passwd(1) program that checks for crackable passwords during the selection process is recommended.
The DES algorithm itself has a few quirks which make the use of crypt() a very poor choice for anything other than password authentication. If you are planning on using crypt() for a cryptography project, don't do it: get a good book on encryption and one of the widely available DES libraries.
crypt_r() is a reentrant version of crypt(). The structure pointed to by data is used to store result data and bookkeeping information. Other than allocating it, the only thing that the caller should do with this structure is to set data->initialized to zero before the first call to crypt_r().
RETURN VALUE
On success, a pointer to the encrypted password is returned. On error, NULL is returned.
ERRORS
| EINVAL | salt has the wrong format. |
| ENOSYS | The crypt() function was not implemented, probably because of U.S.A. export restrictions. |
| EPERM | /proc/sys/crypto/fips_enabled has a nonzero value, and an attempt was made to use a weak encryption type, such as DES. |
ATTRIBUTES
For an explanation of the terms used in this section, see attributes(7).
CONFORMING TO
crypt(): POSIX.1-2001, POSIX.1-2008, SVr4, 4.3BSD. crypt_r() is a GNU extension.
NOTES
Availability in glibc
The crypt(), encrypt(3), and setkey(3) functions are part of the POSIX.1-2008 XSI Options Group for Encryption and are optional. If the interfaces are not available, then the symbolic constant _XOPEN_CRYPT is either not defined, or it is defined to -1 and availability can be checked at run time with sysconf(3). This may be the case if the downstream distribution has switched from glibc crypt to libxcrypt. When recompiling applications in such distributions, the programmer must detect if _XOPEN_CRYPT is not available and include <crypt.h> for the function prototypes; otherwise libxcrypt is an ABI-compatible drop-in replacement.
Features in glibc
The glibc version of this function supports additional encryption algorithms.
If salt is a character string starting with the characters "$id$" followed by a string optionally terminated by "$", then the result has the form:
$id$salt$encrypted
id identifies the encryption method used instead of DES and this then determines how the rest of the password string is interpreted. The following values of id are supported:
Thus, $5$salt$encrypted and $6$salt$encrypted contain the password encrypted with, respectively, functions based on SHA-256 and SHA-512.
"salt" stands for the up to 16 characters following "$id$" in the salt. The "encrypted" part of the password string is the actual computed password. The size of this string is fixed:
The characters in "salt" and "encrypted" are drawn from the set [a-zA-Z0-9./]. In the MD5 and SHA implementations the entire key is significant (instead of only the first 8 characters in DES).
Since glibc 2.7, the SHA-256 and SHA-512 implementations support a user-supplied number of hashing rounds, defaulting to 5000. If the "$id$" characters in the salt are followed by "rounds=xxx$", where xxx is an integer, then the result has the form
$id$rounds=yyy$salt$encrypted
where yyy is the number of hashing rounds actually used. The number of rounds actually used is 1000 if xxx is less than 1000, 999999999 if xxx is greater than 999999999, and is equal to xxx otherwise.
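Added example, not part of the man page: a C helper that classifies a stored crypt(3) string by its "$id$" prefix and computes the rounds actually used under the clamping rule above, so hashes can be audited for traditional DES, MD5, or a low rounds= setting. The names classify, effective_rounds and needs_review, the review policy, and the sample string are assumptions of this example; id 1 denoting MD5 is glibc's convention.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum scheme { S_INVALID, S_DES, S_MD5, S_SHA256, S_SHA512, S_OTHER };
struct crypt_info { enum scheme scheme; unsigned long rounds; /* 0 = n/a */ };
static const char SET[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";

/* Rounds actually used for a requested rounds=xxx (clamping rule from the page). */
static unsigned long effective_rounds(unsigned long xxx) {
    return xxx < 1000UL ? 1000UL : (xxx > 999999999UL ? 999999999UL : xxx);
}

/* Parse the scheme and, for SHA-256/SHA-512, the effective number of rounds. */
static struct crypt_info classify(const char *s) {
    struct crypt_info ci = { S_INVALID, 0 };
    if (s == NULL) return ci;
    if (s[0] != '$') {            /* traditional DES: 13 characters from the set */
        if (strlen(s) == 13 && strspn(s, SET) == 13) ci.scheme = S_DES;
        return ci;
    }
    const char *end = strchr(s + 1, '$');     /* '$' that closes the id field */
    if (end == NULL || end == s + 1) return ci;
    if (end - s != 2 || !strchr("156", s[1])) { ci.scheme = S_OTHER; return ci; }
    if (s[1] == '1') { ci.scheme = S_MD5; return ci; }
    ci.scheme = (s[1] == '5') ? S_SHA256 : S_SHA512;
    ci.rounds = 5000UL;                       /* default when rounds= is absent */
    if (strncmp(end + 1, "rounds=", 7) == 0) {
        char *stop;
        unsigned long xxx = strtoul(end + 8, &stop, 10);
        if (end[8] < '0' || end[8] > '9' || *stop != '$')
            return (struct crypt_info){ S_INVALID, 0 };  /* flag, do not guess */
        ci.rounds = effective_rounds(xxx);
    }
    return ci;
}

/* Policy of this example: flag all but SHA-256/SHA-512 with >= min_rounds. */
static int needs_review(const char *s, unsigned long min_rounds) {
    struct crypt_info ci = classify(s);
    return !((ci.scheme == S_SHA256 || ci.scheme == S_SHA512) && ci.rounds >= min_rounds);
}

int main(void) {
    const char *h = "$6$rounds=500$saltsalt$CONSTRUCTED";  /* constructed sample */
    printf("rounds=%lu review=%d\n", classify(h).rounds, needs_review(h, 5000UL));
    return 0;
}
```

The helper only inspects the prefix fields; it does not validate the salt length or the size of the "encrypted" part.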
SEE ALSO
login(1), passwd(1), encrypt(3), getpass(3), passwd(5)
COLOPHON
This man page is part of release 5.10 of the Linux man-pages project. A description of the project and information about reporting bugs can be found at https://www.kernel.org/doc/man-pages/.