crypt

encryption/decryption filter

Command


SYNOPSIS

crypt [-det] [key]


DESCRIPTION

crypt reads data from the standard input and writes it to the standard output in an encrypted (coded) form. It also decrypts (decodes) previously encrypted data.

The encryption is uniquely determined by a user-supplied key, which is an arbitrary text string. The details of the transformation depend on the key in a way that makes them difficult to derive from the output alone. You may supply the key on the command line; otherwise crypt prompts you to enter the key. When you type in the key in response to the prompt, crypt does not display it on the screen. This latter approach is recommended for security reasons, because when you specify the key on the command line, it appears in the shell's command history, whereas a key typed in response to a prompt does not.

By default, the data transformation is a simulation of a rotor machine (styled after the Enigma machine used by the German military during WWII, but simplified). This is fully compatible with the UNIX version of this command. The encryption algorithm is reflexive, so the application of crypt to its own output, with the same key, yields the original input. This is also the algorithm used by the encryption options of ed and vi.
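The reflexive property described above, shown with a toy one-rotor machine in Python. This is an added example, not the MKS or UNIX crypt algorithm: the key derivation (SHA-256 seeding Python's random module), the names build_tables and toy_crypt, and the sample text are all constructed for illustration.

```python
import hashlib
import random

N = 256  # byte alphabet


def build_tables(key: str):
    """Derive a rotor, its inverse and a reflector from the key (constructed scheme)."""
    seed = int.from_bytes(hashlib.sha256(key.encode()).digest(), "big")
    rng = random.Random(seed)
    rotor = list(range(N))
    rng.shuffle(rotor)
    inverse = [0] * N
    for i, v in enumerate(rotor):
        inverse[v] = i
    # Reflector: pair up all 256 values so that reflector[reflector[x]] == x.
    order = list(range(N))
    rng.shuffle(order)
    reflector = [0] * N
    for a, b in zip(order[0::2], order[1::2]):
        reflector[a], reflector[b] = b, a
    return rotor, inverse, reflector


def toy_crypt(data: bytes, key: str) -> bytes:
    """Same routine encrypts and decrypts: rotor -> reflector -> inverse rotor."""
    rotor, inverse, reflector = build_tables(key)
    out = bytearray()
    for pos, byte in enumerate(data):
        shift = pos % N                      # rotor steps once per byte
        x = rotor[(byte + shift) % N]        # forward through the rotor
        x = reflector[x]                     # involution: applying it twice is a no-op
        out.append((inverse[x] - shift) % N) # back through the same rotor
    return bytes(out)


if __name__ == "__main__":
    plain = b"constructed sample text for the rotor demo\n"
    cipher = toy_crypt(plain, "example key")
    print("round trip ok:", toy_crypt(cipher, "example key") == plain)
    print("wrong key ok: ", toy_crypt(cipher, "other key") == plain)
    # Structural side effect of the reflector: no byte ever maps to itself.
    print("self-mapped bytes:", sum(c == p for c, p in zip(cipher, plain)))
```

Because the reflector pairs every value with a different one, the toy cipher never maps a byte to itself, which is a regularity in the output that a well-designed cipher would not have.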

Many methods of cryptanalysis depend on knowing that the distribution of input characters is highly skewed. This is certainly the case for ASCII text. You can frustrate these methods by making the input distribution more uniform, by first compressing the file or encrypting more than once, with unrelated keys.

Options

-d

decrypts data that was encrypted with the -e option.

-e

encrypts the input using the National Bureau of Standards' Data Encryption Standard (DES) algorithm. You can decrypt data encrypted in this way with the -d option.

Note:

The DES algorithm is not reflexive and is probably much more secure than the rotor machine; however, it is noticeably slower.

-t

attempts to decrypt the input if it appears to be encrypted; otherwise, it applies no transformations. This is a heuristic used to improve the behavior of ed and vi. However, if the first block of characters of a non-encrypted file is randomly distributed, this option may not work. You cannot use -t with either the -d or the -e option.


DIAGNOSTICS

Possible exit status values are:

0

Successful completion.

1

Failure due to any of the following:

— an invalid command line option
— too many command line arguments
— an invalid password


PORTABILITY

All UNIX systems.

However, export restrictions limit the availability of the UNIX implementation outside of the U.S.

DES encryption is unique to this implementation.


NOTE

MKS does not warrant this program to be fit for any particular purpose -- see your license agreement. If you are unable to decrypt some file for any reason (for example, you have lost the key, or mistyped it in the first place), your only recourse is cryptanalysis.

There are known methods of cryptanalytic attack on rotor machines. After all, the Allies routinely deciphered Enigma traffic about fifty years ago. The NSA is rumored to be able to decipher DES, albeit with super-computers and unlimited budgets. Security is afforded primarily by the (presumed) limits to the patience, determination and resources of the attacker.

Poorly chosen keys, such as short monocase natural-language words and familiar names, are highly susceptible to systematic guessing.

Even when files are deleted, their contents remain on disk, in unallocated blocks, and can readily be discovered by someone familiar with the structures and allocation strategies of the file system.


SEE ALSO

Commands:
ed, pack, vi

