The Fa salt is used to induce disorder in to the DES algorithm in one of 16777216 possible ways (specifically, if bit i of the salt is set then bits i and i+24 are swapped in the DES ``E'' box output). The key is divided into groups of 8 characters (a short final group is null-padded) and the low-order 7 bits of each each character (56 bits per group) are used to form the DES key as follows: the first group of 56 bits becomes the initial DES key. For each additional group, the XOR of the group bits and the encryption of the DES key with itself becomes the next DES key. Then the final DES key is used to perform count cumulative encryptions of a 64-bit constant. The value returned is a NUL -terminated string, 20 bytes in length, consisting of the setting followed by the encoded 64-bit encryption.
For compatibility with historical versions of crypt(3), the setting may consist of 2 bytes of salt, encoded as above, in which case an iteration count of 25 is used, fewer perturbations of DES are available, at most 8 characters of key are used, and the returned value is a NUL -terminated string 13 bytes in length.
The functions, Fn encrypt , Fn setkey , Fn des_setkey and Fn des_cipher allow limited access to the DES algorithm itself. The key argument to Fn setkey is a 64 character array of binary values (numeric 0 or 1). A 56-bit key is derived from this array by dividing the array into groups of 8 and ignoring the last bit in each group.
The Fn encrypt argument Fa block is also a 64 character array of binary values. If the value of Fa flag is 0, the argument Fa block is encrypted, otherwise it is decrypted. The encryption or decryption is returned in the original array Fa block after using the key specified by Fn setkey to process it.
The Fn des_setkey and Fn des_cipher functions are faster but less portable than Fn setkey and Fn encrypt . The argument to Fn des_setkey is a character array of length 8. The least significant bit in each character is ignored and the next 7 bits of each character are concatenated to yield a 56-bit key. The function Fn des_cipher encrypts (or decrypts if Fa count is negative) the 64-bits stored in the 8 characters at Fa in using abs(3) of Fa count iterations of DES and stores the 64-bit result in the 8 characters at Fa out . The Fa salt specifies perturbations to DES as described above.
The function Fn crypt returns a pointer to the encrypted value on success and NULL on failure. The functions Fn setkey , Fn encrypt , Fn des_setkey , and Fn des_cipher return 0 on success and 1 on failure. Historically, the functions Fn setkey and Fn encrypt did not return any value. They have been provided return values primarily to distinguish implementations where hardware support is provided but not available or where the DES encryption is not available due to the usual political silliness.
The Fn crypt function leaves its result in an internal static object and returns a pointer to that object. Subsequent calls to Fn crypt will modify the same object.