unixcrypt TacUnixCrypt component
Overview
The acUnixCrypt component is an ultra-fast crypt implementation for Delphi/C++ Builder. It works exactly like the Unix crypt(key, salt) command (a one-way encryption algorithm), which is used to encrypt passwords in .htpasswd files for password-protected Web directories.

Description
acUnixCrypt is a password encryption component. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.
 
The Key property is the user's typed password. Salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm, which repeatedly encrypts a constant string (usually a string consisting of all zeros).
 
The returned value (Result property) is the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself).

How to use?
Drop the component on your form, specify the password in the Key property, put any two characters in the Salt property, and read the encrypted password from Result. You can experiment with it even at design time.
 
Since the acUnixCrypt component uses a one-way encryption algorithm, there is no way to decrypt the keys. For authentication you can only compare two encrypted passwords.

Example
procedure TForm1.AuthenticationBtnClick(Sender: TObject);
begin
  // we'd like to take salt from two first characters of username
  acUnixCrypt1.Salt := Copy(RealUsername, 1, 2);
  // asking for password (the third argument is the default input value)
  acUnixCrypt1.Key := InputBox('Authentication',
                               'Enter password:', '');
  // comparing two encrypted passwords
  if acUnixCrypt1.Result <> RealCryptedPassword then
   begin
    ShowMessage('Authentication Failed!');
    Application.Terminate;
   end;
end;

Warning
The key space consists of 2**56 (about 7.2e16) possible values. Exhaustive searches of this key space are possible using massively parallel computers. Software (cracks) is available which will search the portions of this key space that are generally used by humans for passwords. Hence, password selection should, at minimum, avoid common words and names.
 
The DES algorithm itself has a few quirks which make the use of the crypt interface a very poor choice for anything other than password authentication. If you are planning on using the crypt interface for a cryptography project, don't do it: get a good book on encryption.
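
As an added example (not part of the acUnixCrypt package or its documentation), the following Python code audits .htpasswd-style text for entries in the 13-character format described above, and also reports salts that match the start of the username or are shared between entries. The function name, the finding labels and the sample entries are constructed for illustration.

```python
import re
from collections import defaultdict

# Traditional crypt() output as described above: 13 characters from
# [a-zA-Z0-9./], the first two of which are the salt.
DES_CRYPT = re.compile(r"[A-Za-z0-9./]{13}")

# Constructed sample entries (not real credentials or real hashes).
SAMPLE = "\n".join([
    "alice:alJ9xQ2mTz0Wk",        # salt "al" equals the start of the username
    "bob:Zq8/Lw.3nYdE1",          # salt "Zq"
    "carol:Zq5uR7bHc.K2p",        # salt "Zq" again
    "dave:$2y$05$notADesCryptEntry",  # different scheme, ignored by this audit
    "line-without-a-colon",
])

def audit_htpasswd(text):
    """Return (subject, finding) tuples for crypt()-style entries in text."""
    findings = []
    users_by_salt = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank and comment lines
        user, sep, hashed = line.partition(":")
        if not sep or not user:
            findings.append((f"line {lineno}", "malformed"))
            continue
        if not DES_CRYPT.fullmatch(hashed):
            continue  # not the 13-character format this page describes
        salt = hashed[:2]
        findings.append((user, "des-crypt"))  # 2**56 key space, see Warning
        if user[:2] == salt:
            findings.append((user, "salt-from-username"))  # predictable salt
        users_by_salt[salt].append(user)
    # Entries sharing a salt produce identical hashes for identical passwords.
    for salt, users in users_by_salt.items():
        if len(users) > 1:
            findings.extend((u, f"shared-salt:{salt}") for u in users)
    return findings

if __name__ == "__main__":
    for subject, finding in audit_htpasswd(SAMPLE):
        print(f"{subject}: {finding}")
```

Entries reported as des-crypt are candidates for re-hashing with a stronger scheme the next time the user authenticates.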