crypt [ -k ]
Files encrypted by crypt are compatible with those treated by the editors ed(C), ex(C), and vi(C) in encryption mode.
The security of encrypted files depends on three factors: the fundamental method must be hard to solve; direct search of the key space must be infeasible; ``sneak paths'' by which keys or clear text can become visible must be minimized.
The crypt command implements a one-rotor machine designed along the lines of the German Enigma, but with a 256-element rotor. Methods of attack on such machines are known, but not widely; moreover the amount of work required is likely to be large.
The transformation of a key into the internal settings of the machine is deliberately designed to be expensive, that is, to take a substantial fraction of a second to compute. However, if keys are restricted to (say) three lower-case letters, then encrypted files can be read by expending only a substantial fraction of five minutes of machine time.
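The following is an added illustration, not the crypt source: a simplified Python model of a one-rotor machine with a 256-element rotor and an Enigma-style reflector, showing why the same command and key both encrypt and decrypt. The table names, the stepping scheme and the PBKDF2 key setup are assumptions of this model.

```python
import hashlib
import random

ROTOR = 256  # rotor size given on the page


def build_tables(key: bytes):
    """Derive rotor t1, its inverse t2 and reflector t3 from the key."""
    # Assumption: PBKDF2 stands in for crypt's own deliberately slow key setup.
    seed = hashlib.pbkdf2_hmac("sha256", key, b"crypt-model", 50_000)
    rng = random.Random(seed)
    t1 = list(range(ROTOR))
    rng.shuffle(t1)
    t2 = [0] * ROTOR
    for i, v in enumerate(t1):
        t2[v] = i  # t2 undoes t1
    order = list(range(ROTOR))
    rng.shuffle(order)
    t3 = [0] * ROTOR
    for a, b in zip(order[0::2], order[1::2]):
        t3[a], t3[b] = b, a  # reflector: disjoint swaps, so t3 undoes itself
    return t1, t2, t3


def crypt_model(data: bytes, key: bytes) -> bytes:
    """Pass data through the machine; the same call encrypts and decrypts."""
    t1, t2, t3 = build_tables(key)
    out = bytearray()
    n1 = n2 = 0  # rotor offsets (stepping scheme is an assumption of this model)
    for byte in data:
        x = t1[(byte + n1) % ROTOR]              # forward through the rotor
        x = (t3[(x + n2) % ROTOR] - n2) % ROTOR  # reflect
        out.append((t2[x] - n1) % ROTOR)         # back through the rotor
        n1 += 1                                  # step once per byte
        if n1 == ROTOR:
            n1, n2 = 0, (n2 + 1) % ROTOR
    return bytes(out)


if __name__ == "__main__":
    top_secret = b"constructed sample plaintext\n" * 12  # constructed input
    gibberish = crypt_model(top_secret, b"constructed-key")
    print("same key restores file:", crypt_model(gibberish, b"constructed-key") == top_secret)
    print("wrong key restores file:", crypt_model(gibberish, b"other-key") == top_secret)
```

Because the reflector has no fixed points, no byte in this model ever encrypts to itself, a structural regularity it shares with Enigma.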
If the key is an argument to the crypt command, it is potentially visible to users executing ps(C) or a derivative. To minimize this possibility, crypt takes care to destroy any record of the key immediately upon entry. The choice of keys and key security are the most vulnerable aspect of crypt.
When the file gibberish is decrypted, crypt demands the key (password) from the user if it is not given on the command line. The output may be written to the terminal:
crypt < gibberish
to the printer:
crypt < gibberish | lp
or to a file:
crypt < gibberish > confidential
You can use crypt as the basis of a password mechanism by testing whether the decrypted file (confidential) and the original file (top_secret) are the same:
cmp -s top_secret confidential
if [ $? = 0 ]
then
    echo "Password verified - Welcome"
else
    echo "Password incorrect!"
fi
Distribution of the crypt libraries and utilities is regulated by the U.S. Government and they are not available to sites outside the United States (including territories) and Canada. Because we cannot control the destination of the software, these utilities are not included in the standard product. If your site is within the U.S., its territories, or Canada, you can obtain the crypt software through your product distributor or reseller.