
What does crypt() do in C?

Tags: c, crypt

crypt(text,"k7")

I looked it up and apparently 'k7' is the salt, but I have no idea what that means nor what type of output will come from that. Anyone know?

MetaGuru asked Nov 29 '22 12:11


2 Answers

From the crypt man page:

Description

crypt() is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.

key is a user's typed password.

salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.

Adam Matan answered Dec 01 '22 02:12


All the other answers are correct, but so far no one has explained why the salt is there.

Wikipedia has a good page on salts and Rainbow Tables, which are the main reason why we have salts.

Without salt, crypt is basically just a one-way hashing function. It would take in a password and return a hashed version of that password. Rainbow tables provide an optimized method for defeating the "one-way" nature of this hash, and backing out the original password.

If you manage to get the hashed passwords (via some database exploit, or access to the /etc/passwd or /etc/shadow file), you could theoretically know a lot of people's passwords.

A salt adds an extra "random" factor to the mix. You need to create a random salt and store that somewhere (with the password is OK, but separate is better). Now one set of rainbow tables isn't enough; you suddenly need 65,536 sets of such tables (in the case of a two-byte salt). The salt could also be kept separate from the password, adding an extra hurdle.

Salts also help prevent users with the same password from appearing to have the same password; the salt is usually randomly selected, and if the salts are different then the hashed passwords will be dramatically different.

I'll also point out this blog entry explaining some password basics, which I found very informative.

Chris Arguin answered Dec 01 '22 01:12
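
Added example (not part of either answer, and not code from the crypt man page): a small C program that takes apart a stored traditional crypt() hash, showing the two-character salt from [a-zA-Z0-9./] kept in clear at the front of the 13-character output and its value among the 4096 possibilities the man page mentions. The function names and the sample hash string are assumptions made for illustration; the sample is constructed in the right shape and is not real crypt() output.

```c
#include <stdio.h>
#include <string.h>

/* Alphabet of traditional crypt(): '.'=0, '/'=1, '0'-'9', 'A'-'Z', 'a'-'z' (38..63). */
static const char A64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Map one character to its 6-bit value, or -1 if it is outside the alphabet. */
static int a64_value(char c)
{
    const char *p = (c != '\0') ? strchr(A64, c) : NULL;
    return p ? (int)(p - A64) : -1;
}

/* Combine a two-character salt into its 12-bit value (0..4095); the first
 * character supplies the low six bits. Returns -1 for an invalid salt.
 * (Hypothetical helper name, not a libc function.) */
int salt_index(const char *salt)
{
    if (salt == NULL || strlen(salt) < 2) return -1;
    int lo = a64_value(salt[0]), hi = a64_value(salt[1]);
    return (lo < 0 || hi < 0) ? -1 : (hi << 6) | lo;
}

/* Split a stored 13-character hash into salt (2 chars) and digest (11 chars).
 * Returns 0 on success, -1 if the string is not a traditional DES crypt hash.
 * (Hypothetical helper name, not a libc function.) */
int split_des_hash(const char *stored, char salt[3], char digest[12])
{
    if (stored == NULL || strlen(stored) != 13) return -1;
    for (size_t i = 0; i < 13; i++)
        if (a64_value(stored[i]) < 0) return -1;
    memcpy(salt, stored, 2);        salt[2] = '\0';
    memcpy(digest, stored + 2, 11); digest[11] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample in the right shape; NOT real crypt() output. */
    const char *stored = "k7AbCdEfGhIjM";
    char salt[3], digest[12];
    if (split_des_hash(stored, salt, digest) != 0) return 1;
    printf("salt=%s index=%d of 4096 digest=%s\n", salt, salt_index(salt), digest);
    return 0;
}
```

Because the salt travels with the hash, a typed password is checked by passing the stored string as the salt argument to crypt() and comparing the result with the stored string.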