|
Information Security
< Previous Next >
re: General Encryption
Ryan Pierce / Townsend Analytics Ltd. / Archipelago LLC
21 Aug 2001 6:32PM ET> - If you use Unix, I believe the OS-included "crypt" function and "crypt()" C function call is equivalent to FIX's "Standard DES" (tag 98 value 2), but not absolutely certain.
It is my understanding that the Unix crypt() function is for use primarily for password hashing (i.e. /etc/passwd). It is not standard DES. This was done so that commercially available DES cracking chips could not be used to accelerate cracking /etc/passwd.
From the Linux man page for crypt():
The DES algorithm itself has a few quirks which make the
use of the crypt(3) interface a very poor choice for any-
thing other than password authentication. If you are
planning on using the crypt(3) interface for a cryptogra-
phy project, don't do it: get a good book on encryption
and one of the widely available DES libraries.
The Unix crypt command has nothing at all to do with DES. It uses a simplified version of the German Enigma cypher with a 256 element rotor and reflector. It is considered trivial to break, and doesn't need all that much compute power to do so.
re: General Encryption
Ryan Pierce / Townsend Analytics Ltd. / Archipelago LLC 21 Aug 2001 6:32PM ET
|
