
The GNU C Library


32. DES Encryption and Password Handling

On many systems, it is unnecessary to have any kind of user authentication; for instance, a workstation which is not connected to a network probably does not need any user authentication, because to use the machine an intruder must have physical access.

Sometimes, however, it is necessary to be sure that a user is authorized to use some service a machine provides--for instance, to log in as a particular user id (see section 29. Users and Groups). One traditional way of doing this is for each user to choose a secret password; then, the system can ask someone claiming to be a user what the user's password is, and if the person gives the correct password then the system can grant the appropriate privileges.

If all the passwords are just stored in a file somewhere, then this file has to be very carefully protected. To avoid this, passwords are run through a one-way function (a function whose input is difficult to work out from its output) before being stored in the file.

The GNU C library already provides a one-way function based on MD5 and, for compatibility with Unix systems, the standard one-way function based on the Data Encryption Standard.

It also provides support for Secure RPC, and some library functions that can be used to perform normal DES encryption.

32.1 Legal Problems  This software can get you locked up, or worse.
32.2 Reading Passwords  Prompting the user for a password.
32.3 Encrypting Passwords  A one-way function for UNIX passwords.
32.4 DES Encryption  Routines for DES encryption.

  Copyright 2003   by The Free Software Foundation     Updated Jun 2003