1CRYPT(3P)                  POSIX Programmer's Manual                 CRYPT(3P)
2
3
4

PROLOG

6       This  manual  page is part of the POSIX Programmer's Manual.  The Linux
7       implementation of this interface may differ (consult the  corresponding
8       Linux  manual page for details of Linux behavior), or the interface may
9       not be implemented on Linux.
10

NAME

12       crypt — string encoding function (CRYPT)
13

SYNOPSIS

15       #include <unistd.h>
16
17       char *crypt(const char *key, const char *salt);
18

DESCRIPTION

20       The crypt() function is a string encoding function.  The  algorithm  is
21       implementation-defined.
22
23       The  key  argument  points to a string to be encoded. The salt argument
24       shall be a string of at least two bytes in  length  not  including  the
25       null character chosen from the set:
26
27
28           a b c d e f g h i j k l m n o p q r s t u v w x y z
29           A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
30           0 1 2 3 4 5 6 7 8 9 . /
31
32       The  first two bytes of this string may be used to perturb the encoding
33       algorithm.
34
35       The return value of crypt() points to static data that  is  overwritten
36       by each call.
37
38       The crypt() function need not be thread-safe.
39

RETURN VALUE

41       Upon  successful  completion,  crypt()  shall  return  a pointer to the
42       encoded string. The first two bytes of  the  returned  value  shall  be
43       those  of  the salt argument. Otherwise, it shall return a null pointer
44       and set errno to indicate the error.
45

ERRORS

47       The crypt() function shall fail if:
48
49       ENOSYS The functionality is not supported on this implementation.
50
51       The following sections are informative.
52

EXAMPLES

54   Encoding Passwords
55       The following example finds a user database entry matching a particular
56       user  name  and  changes  the  current  password to a new password. The
57       crypt() function generates an encoded version  of  each  password.  The
58       first  call to crypt() produces an encoded version of the old password;
59       that encoded password is then compared to the password  stored  in  the
60       user  database.  The  second  call  to crypt() encodes the new password
61       before it is stored.
62
63       The putpwent() function, used in the following example, is not part  of
64       POSIX.1‐2008.
65
66
67           #include <unistd.h>
68           #include <pwd.h>
69           #include <string.h>
70           #include <stdio.h>
71           ...
72           int valid_change;
73           int pfd;  /* Integer for file descriptor returned by open(). */
74           FILE *fpfd;  /* File pointer for use in putpwent(). */
75           struct passwd *p;
76           char user[100];
77           char oldpasswd[100];
78           char newpasswd[100];
79           char savepasswd[100];
80           ...
81           valid_change = 0;
82           while ((p = getpwent()) != NULL) {
83               /* Change entry if found. */
84               if (strcmp(p->pw_name, user) == 0) {
85                   if (strcmp(p->pw_passwd, crypt(oldpasswd, p->pw_passwd)) == 0) {
86                       strcpy(savepasswd, crypt(newpasswd, user));
87                       p->pw_passwd = savepasswd;
88                       valid_change = 1;
89                   }
90                   else {
91                       fprintf(stderr, "Old password is not valid\n");
92                   }
93               }
94               /* Put passwd entry into ptmp. */
95               putpwent(p, fpfd);
96           }
97

APPLICATION USAGE

99       The  values  returned  by this function need not be portable among XSI-
100       conformant systems.
101
102       Several implementations offer extensions via characters outside of  the
103       set  specified  for  the salt argument for specifying alternative algo‐
104       rithms; while not portable, these extensions may offer better security.
105       The use of crypt() for anything other than password hashing is not rec‐
106       ommended.
107

RATIONALE

109       None.
110

FUTURE DIRECTIONS

112       None.
113

SEE ALSO

115       encrypt(), setkey()
116
117       The Base Definitions volume of POSIX.1‐2017, <unistd.h>
118

COPYRIGHT

120       Portions of this text are reprinted and reproduced in  electronic  form
121       from  IEEE Std 1003.1-2017, Standard for Information Technology -- Por‐
122       table Operating System Interface (POSIX), The Open Group Base  Specifi‐
123       cations  Issue  7, 2018 Edition, Copyright (C) 2018 by the Institute of
124       Electrical and Electronics Engineers, Inc and The Open Group.   In  the
125       event of any discrepancy between this version and the original IEEE and
126       The Open Group Standard, the original IEEE and The Open Group  Standard
127       is  the  referee document. The original Standard can be obtained online
128       at http://www.opengroup.org/unix/online.html .
129
130       Any typographical or formatting errors that appear  in  this  page  are
131       most likely to have been introduced during the conversion of the source
132       files to man page format. To report such errors,  see  https://www.ker‐
133       nel.org/doc/man-pages/reporting_bugs.html .
134
135
136
137IEEE/The Open Group                  2017                            CRYPT(3P)