crypt' mechanism
Contributed by Garrett Wollman
<wollman@FreeBSD.ORG>
24 September 1995.
In order to protect the security of passwords on UN*X systems from being easily exposed, passwords have traditionally been scrambled in some way. Starting with Bell Labs' Seventh Edition Unix, passwords were encrypted using what the security people call a ``one-way hash function''. That is to say, the password is transformed in such a way that the original password cannot be regained except by brute-force searching the space of possible passwords. Unfortunately, the only secure method that was available to the AT&T researchers at the time was based on DES, the Data Encryption Standard. This causes only minimal difficulty for commercial vendors, but is a serious problem for an operating system like FreeBSD where all the source code is freely available, because national governments in many places like to place restrictions on cross-border transport of DES and other encryption software.
So, the FreeBSD team was faced with a dilemma: how could we provide
compatibility with all those UNIX systems out there while still not
running afoul of the law? We decided to take a dual-track approach:
we would make distributions which contained only a non-regulated
password scrambler, and then provide as a separate add-on library the
DES-based password hash. The password-scrambling function was moved
out of the C library to a separate library, called `libcrypt'
because the name of the C function to implement it is
`crypt'. In FreeBSD 1.x and some pre-release 2.0 snapshots,
the non-regulated scrambler uses an insecure function written by Nate
Williams; in subsequent releases this was replaced by a mechanism
using the RSA Data Security, Inc., MD5 one-way hash function. Because
neither of these functions involve encryption, they are believed to be
exportable from the US and importable into many other countries.
Meanwhile, work was also underway on the DES-based password hash
function. First, a version of the `crypt' function which was
written outside the US was imported, thus synchronizing the US and
non-US code. Then, the library was modified and split into two; the
DES `libcrypt' contains only the code involved in performing
the one-way password hash, and a separate `libcipher' was
created with the entry points to actually perform encryption. The
code was partitioned in this way to make it easier to get an export
license for the compiled library.
crypt' mechanismcrypt' mechanism