

DES Encryption and Password Handling

On many systems, it is unnecessary to have any kind of user authentication; for instance, a workstation which is not connected to a network probably does not need any user authentication, because to use the machine an intruder must have physical access.

Sometimes, however, it is necessary to be sure that a user is authorised to use some service a machine provides--for instance, to log in as a particular user id (see section Users and Groups). One traditional way of doing this is for each user to choose a secret password; then, the system can ask someone claiming to be a user what the user's password is, and if the person gives the correct password then the system can grant the appropriate privileges.

If all the passwords are just stored in a file somewhere, then this file has to be very carefully protected. To avoid this, passwords are run through a one-way function (a function which makes it difficult to work out what its input was by looking at its output) before being stored in the file.

The GNU C library provides a one-way function based on MD5 and, for compatibility with Unix systems, the standard one-way function based on the Data Encryption Standard.

It also provides support for Secure RPC, and some library functions that can be used to perform normal DES encryption.
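
The store-then-check scheme described above, as an added example that is not part of the original manual text: it calls crypt() with the "$1$" prefix that selects the MD5-based function. The names make_entry, check_password and get_crypt, the library file name libcrypt.so.1 and the sample password and salt are assumptions made for this example.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* crypt() as declared in <crypt.h>. Resolved at run time so this file builds
   with no extra flags; a normal program includes <crypt.h>, links -lcrypt. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

static crypt_fn get_crypt(void) {
    void *lib = dlopen("libcrypt.so.1", RTLD_NOW);  /* assumed library name */
    if (!lib) lib = dlopen(NULL, RTLD_NOW);  /* some libcs carry crypt() themselves */
    return lib ? (crypt_fn)dlsym(lib, "crypt") : NULL;
}

/* Build the string to store for `password`: "$1$" selects the MD5-based
   function, salt8 is up to 8 salt characters. Returns 0 on success. */
int make_entry(const char *password, const char *salt8, char *out, size_t outlen) {
    char setting[16];
    crypt_fn c = get_crypt();
    snprintf(setting, sizeof setting, "$1$%.8s$", salt8);
    const char *h = c ? c(password, setting) : NULL;
    /* Failure is NULL or a token starting with '*', never a usable hash. */
    if (!h || strncmp(h, "$1$", 3) != 0 || strlen(h) >= outlen) return -1;
    strcpy(out, h);
    return 0;
}

/* Re-hash the candidate with the stored entry as the setting, then compare
   every byte so the comparison time does not depend on where they differ. */
int check_password(const char *candidate, const char *stored) {
    crypt_fn c = get_crypt();
    const char *h = c ? c(candidate, stored) : NULL;
    if (!h || h[0] == '*' || strlen(h) != strlen(stored)) return 0;
    unsigned char diff = 0;
    for (size_t i = 0; stored[i]; i++) diff |= (unsigned char)(h[i] ^ stored[i]);
    return diff == 0;
}

int main(void) {
    char entry[64];
    /* Constructed sample values; a real system draws the salt at random. */
    if (make_entry("correct horse", "Ab3dE6gH", entry, sizeof entry) != 0) {
        puts("MD5-based crypt() not available here");
        return 1;
    }
    printf("stored: %s\n", entry);
    printf("right password: %d\n", check_password("correct horse", entry));
    printf("wrong password: %d\n", check_password("Correct horse", entry));
    return 0;
}
```

check_password() does not depend on the "$1$" choice: it works with whatever setting string produced the stored entry, so the one-way function can change without touching the verification code.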

