Traditional password crypt function

The standard AIX® authentication mechanism uses a one-way hash function called crypt to authenticate users. The crypt function is a modified DES algorithm. It performs a one-way encryption of a fixed data array with the supplied password and a Salt.

The crypt function uses only the first eight characters from the password string; the user's password is truncated to eight characters. If the password contains less than eight characters, it is padded with zero bits on the right. The 56-bit DES key is derived by using the 7 bits from each character.

Salt is a two-character string (the 12 bits of the Salt is used to perturb the DES algorithm) chosen from the character set "A-Z", "a-z","0-9","."(period) and "/". Salt is used to vary the hashing algorithm, so that the same clear text password can produce 4,096 possible password encryptions. A modification to the DES algorithm, swapping bits i and i+24 in the DES E-Box output when bit i is set in the Salt, achieves this while also making DES encryption hardware useless for password guessing.

The 64-bit all-bits-zero block is encrypted 25 times with the DES key. The final output is the 12-bit salt concatenated with the encrypted 64-bit value. The resulting 76-bit value is recoded into 13 printable ASCII characters in the form of base64.