cryptix.tools
Class UnixCrypt
public class UnixCrypt
extends java.lang.Object
A Java-based implementation of the Unix crypt(3) function call, used
for hashing user passwords in many Unix dialects.
Based on C source code written by Eric Young (eay@psych.uq.oz.au).
The crypt(3) algorithm is not recommended for new applications that
require password hashing and do not need to be compatible with Unix,
because it has the following weaknesses:
- Only the first 8 characters of the password are significant.
The rest is silently truncated. This may mislead the user
into thinking that an uncrackable password has been chosen,
even though the first 8 characters may be crackable.
- Only the low 7 bits of the ASCII code of each character are
used, which does not take advantage of additional entropy in
non-US-ASCII passwords.
- The salt has a total of 12 significant bits. This is not enough
to prevent a massive precomputation attack, where a dictionary
of common passwords is hashed using all 4096 salts, after which
individual passwords from the dictionary can be cracked quickly.
- The amount of computation needed is arguably not sufficient,
taking into account improvements in processor speed since the
algorithm was developed. A better approach would be to allow a
variable number of iterations, with this number being stored
with the salt.
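The first three weaknesses all concern how crypt(3) reduces its inputs before any DES computation takes place. The following is an added example, not Cryptix code: it models only that input reduction (no DES rounds), and the class name CryptInputModel, its method names, the sample passwords and the dictionary size are constructed for illustration.

```java
import java.util.Arrays;

// Added illustration: models how crypt(3) reduces the password and salt,
// as described in the weakness list. Not the Cryptix implementation.
public class CryptInputModel {
    // Traditional crypt(3) salt alphabet; a character's index is its 6-bit value.
    static final String SALT_CHARS =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    // The 8 DES key bytes: first 8 characters only, low 7 bits of each,
    // shifted past the DES parity bit. Shorter passwords are zero-padded.
    static byte[] effectiveKey(String password) {
        byte[] key = new byte[8];
        for (int i = 0; i < key.length && i < password.length(); i++) {
            key[i] = (byte) ((password.charAt(i) & 0x7F) << 1);
        }
        return key;
    }

    // The 12 significant salt bits: two salt characters, 6 bits each.
    static int saltBits(String salt) {
        int first = SALT_CHARS.indexOf(salt.charAt(0));
        int second = SALT_CHARS.indexOf(salt.charAt(1));
        if (first < 0 || second < 0) {
            throw new IllegalArgumentException("invalid salt: " + salt);
        }
        return first | (second << 6);
    }

    // Two passwords with the same effective key always hash identically.
    static boolean sameKey(String a, String b) {
        return Arrays.equals(effectiveKey(a), effectiveKey(b));
    }

    public static void main(String[] args) {
        // Constructed sample passwords.
        System.out.println(sameKey("correcthorse", "correcthXYZ!")); // differ after char 8
        System.out.println(sameKey("caf\u00e9", "cafi"));           // differ only in bit 8
        System.out.println(sameKey("password", "passwore"));        // differ within low 7 bits
        System.out.println(saltBits("..") + " to " + saltBits("zz") + " is the whole salt space");
        long dictionary = 1_000_000L; // assumed dictionary size
        System.out.println((dictionary << 12) + " hashes precompute it for every salt");
    }
}
```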
Copyright © 1995-1997
Systemics Ltd on behalf of the
Cryptix Development Team.
All rights reserved.
$Revision: 1.5 $
- John F. Dumas (jdumas@zgs.com)
- Raif Naffah
- David Hopwood
UnixCrypt(String salt) - Constructs a UnixCrypt instance with the given salt value.
String | crypt(String original) - Processes original and the salt value passed in the constructor using the crypt(3) algorithm, and returns the resulting hash as a String.
static void | main(String[] args) - Calculates the hash of a salt and password given on the command line.
UnixCrypt
public UnixCrypt(String salt)
Constructs a UnixCrypt instance with the given salt value. If
needed, this value is padded with enough A's.
If salt is null then "AA" is taken as the salt value.
salt - the salt value as a String
crypt
public String crypt(String original)
Processes original and the salt value passed in the constructor
using the crypt(3) algorithm, and returns the resulting hash as a
String.
original - the plaintext password
main
public static void main(String[] args)
Calculates the hash of a salt and password given on the command line.
Usage:
java cryptix.tools.UnixCrypt [<salt>] <clear-password>