Crypt (Unix)

This article is about the Unix encryption utility. For the password hash function, see Crypt (C).

In Unix computing, crypt is a utility program used for encryption. Due to the ease of breaking it, it is considered to be obsolete.

History

Robert Morris wrote crypt, which first appeared in Version 3 Unix, to encourage codebreaking experiments; Morris himself broke crypt by hand. Dennis M. Ritchie automated decryption with a method by James Reeds, and an improved version appeared in Version 7 which Reeds and Peter J. Weinberger also broke.^[1]

Relationship to password hash function

There is also a Unix password hash function with the same name, crypt. Though both are used for encrypting data in some sense, they are otherwise essentially unrelated. To distinguish between the two, writers often refer to the utility program as crypt(1), because it is documented in section 1 of the Unix manual pages, and refer to the password hash function as crypt(3), because its documentation is in manual section 3.

Command filter crypt(1)

crypt(1) is a simple command to encrypt or decrypt data. Usually this is used as a filter, and it has traditionally been implemented using an algorithm based on the Enigma machine. It is considered to be far too cryptographically weak to provide any security against brute force attacks by modern, commodity personal computers.

Some versions of Unix shipped with an even weaker version of the crypt(1) command in order to comply with contemporaneous laws and regulations, which limited the exportation of cryptographic software (for example by classifying them as munitions). Some of these were simply implementations of the Caesar cipher (effectively no more secure than ROT13, which is implemented as a Caesar cipher with a well known key).

crypt(1) under Linux

Linux distributions generally do not include a Unix compatible version of the crypt command. This is largely due to a combination of three major factors:

crypt is relatively obscure and rarely used for e-mail attachments nor as a file format
crypt is considered far too cryptographically weak to withstand brute force attacks by modern computing systems (Linux systems generally ship with GNU Privacy Guard which is considered to be reasonably secure by modern standards)
During the early years of Linux development and adoption there was some concern that even as weak as the algorithm used by crypt was, that it might still run afoul of ITAR's export controls; so mainstream distribution developers in the United States generally excluded it (and left their customers to fetch GnuPG or other strong cryptographic software from international sites, sometimes providing packages or scripts to automate that process).

The source code to several old versions of the crypt command is available in The Unix Heritage Society's Unix Archive.

The recent crypt source code is available in the OpenSolaris project.

Enhanced symmetric encryption utilities are available for Linux (and should also be portable to any other Unix-like system) including mcrypt and ccrypt.^[2] While these provide support for much more sophisticated and modern algorithms, they can be used to encrypt and decrypt files which are compatible with the traditional crypt(1) command by providing the correct command line options.

Breaking crypt(1) encryption

Programs for breaking crypt(1) encryption are widely available. Bob Baldwin's Crypt Breaker's Workbench,^[3] which was written in 1984-1985, is an interactive tool that provides successive plaintext guesses that must be corrected by the user. Peter Selinger's unixcrypt-breaker^[4] uses a simple statistical model to guess plausible plaintexts, and does not require user interaction.

References

↑ McIlroy, M. D. (1987). A Research Unix reader: annotated excerpts from the Programmer's Manual, 1971–1986 (PDF) (Technical report). CSTR. Bell Labs. 139.
↑ Peter Selinger: ccrypt. Retrieved July 27, 2008.
↑ Bob Baldwin: Crypt Breaker's Workbench, written 1984-1985. Retrieved July 27, 2008.
↑ Peter Selinger: unixcrypt-breaker. Retrieved July 27, 2008.

External links

Source code for crypt(1) from OpenSolaris (published after clearing up export regulations)
Source code for crypt(1) from Seventh Edition Unix (trivialised one-rotor Enigma-style machine)
Source code for crypt(1) from Sixth Edition Unix (implementation of Boris Hagelin's M-209 cryptographic machine)
Sample SHA-512-Crypt code in bash shell script and its description.

Cryptographic hash functions & message authentication codes

List Comparison Known attacks

Common functions	MD5 SHA-1 SHA-2 SHA-3 BLAKE2

SHA-3 finalists	BLAKE Grøstl JH Skein Keccak (winner)

Other functions	ECOH FSB GOST HAS-160 HAVAL Kupyna LM hash MD2 MD4 MD5 MD6 MDC-2 N-Hash RIPEMD RadioGatún SWIFFT SipHash Snefru Streebog Tiger VSH WHIRLPOOL

Key derivation functions	bcrypt crypt PBKDF2 scrypt Argon2

MAC functions	DAA CBC-MAC HMAC OMAC/CMAC PMAC VMAC UMAC Poly1305

Authenticated encryption modes	CCM CWC EAX GCM IAPM OCB

Attacks	Collision attack Preimage attack Birthday attack Brute force attack Rainbow table Side-channel attack Length extension attack

Design	Avalanche effect Hash collision Merkle–Damgård construction

Standardization	CRYPTREC NESSIE NIST hash function competition

Utilization	Hash-based cryptography Key stretching Merkle tree Message authentication Proof of work Salt

Cryptography

History of cryptography Cryptanalysis Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

Category Portal WikiProject

This article is issued from Wikipedia - version of the 2/23/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.