TacUnixCrypt component
The acUnixCrypt component is an ultra-fast crypt implementation for Delphi/C++ Builder. It works exactly like the crypt(key, salt) Unix command (a one-way encryption algorithm), which is used to encrypt passwords in .htpasswd files for password-protected Web directories.

acUnixCrypt is a password encryption component. It is based on the Data Encryption Standard algorithm, with variations intended (among other things) to discourage use of hardware implementations of a key search.

The Key property is the password typed by the user. Salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm, which repeatedly encrypts a constant string (usually a string consisting of all zeros).

The returned value (the Result property) is the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself).

Drop the component on your form, specify the password in the Key property, put any two characters in the Salt property, and read the encrypted password from Result. You can experiment with it even at design time.

Since the acUnixCrypt component uses a one-way encryption algorithm, there is no way to decrypt the keys. For authentication, you can only compare two encrypted passwords.
procedure TForm1.AuthenticationBtnClick(Sender: TObject);
begin
  // RealUsername and RealCryptedPassword hold the stored account name
  // and its stored crypt result (assumed to be defined elsewhere)

  // we'd like to take salt from two first characters of username
  acUnixCrypt1.Salt := Copy(RealUsername, 1, 2);

  // asking for password
  acUnixCrypt1.Key := InputBox('Authentication',
    'Enter password:', '');

  // comparing two encrypted passwords
  if acUnixCrypt1.Result <> RealCryptedPassword then
  begin
    ShowMessage('Authentication Failed!');
    Application.Terminate;
  end;
end;
The key space consists of 2**56 (about 7.2e16) possible values. Exhaustive searches of this key space are possible using massively parallel computers. Software (cracks) is available that searches the portions of this key space that humans generally use for passwords. Hence, password selection should, at minimum, avoid common words and names.

The DES algorithm itself has a few quirks which make the use of the crypt interface a very poor choice for anything other than password authentication. If you are planning on using the crypt interface for a cryptography project, don't do it: get a good book on encryption.
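Because a crypt result is always 13 characters from [a-zA-Z0-9./] with the salt in the first two, entries of this kind are easy to find when reviewing an .htpasswd file. The Python script below is an added example, not part of the component or its documentation; the names classify, audit_htpasswd and SAMPLE are assumptions, and it goes beyond the page by recognising the prefixes of other Apache hash schemes so they are not misreported.

```python
import re

# Alphabet the page gives for the salt; the other 11 characters of a
# traditional crypt result use the same 64 symbols.
CRYPT_DES = re.compile(r"[A-Za-z0-9./]{13}")

# Prefixes of other hash schemes Apache accepts in .htpasswd files
# (not covered by the page; listed so they are not misreported).
OTHER_SCHEMES = {
    "$apr1$": "apr1-md5",
    "$2y$": "bcrypt", "$2a$": "bcrypt", "$2b$": "bcrypt",
    "{SHA}": "sha1",
}

def classify(stored):
    """Return (scheme, salt) for one stored password field."""
    for prefix, name in OTHER_SCHEMES.items():
        if stored.startswith(prefix):
            return name, None
    if CRYPT_DES.fullmatch(stored):
        return "des-crypt", stored[:2]   # first two characters are the salt
    return "unknown", None

def audit_htpasswd(text):
    """Return [(line_no, user, salt)] for entries stored as 13-char DES crypt."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, stored = line.split(":", 1)
        scheme, salt = classify(stored)
        if scheme == "des-crypt":
            findings.append((line_no, user, salt))
    return findings

# Constructed sample: the hash fields are made-up strings in the right
# shape, not the crypt output of any real password.
SAMPLE = """\
# constructed .htpasswd
alice:alQ9x.Tn0pZ/4
bob:$apr1$Cn5sT3st$AAAAAAAAAAAAAAAAAAAAAA
carol:$2y$05$abcdefghijklmnopqrstuuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
dave:boT/.7yKq1RmE
"""

if __name__ == "__main__":
    for line_no, user, salt in audit_htpasswd(SAMPLE):
        print(f"line {line_no}: {user} uses DES crypt (salt {salt!r})")
```

A 13-character plaintext entry drawn from the same alphabet would also match, so treat each finding as a candidate to confirm before re-hashing.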