4

Overlooking the weak security provided by DES, I'm looking for a C# implementation of the Unix crypt() function that uses classes/methods in the .net framework's Cryptography namespace.

I found this: http://www.codeproject.com/Articles/9183/A-C-implementation-of-Unix-crypt

But I'm wondering if there's a shorter solution using DESCryptoServiceProvider, etc.

jbtule
  • 31,383
  • 12
  • 95
  • 128
Suraj
  • 35,905
  • 47
  • 139
  • 250
  • probably the .Net framework developers could not bring themselves to implement something so insecure :-) – explunit Mar 19 '13 at 13:14

2 Answers2

4

An implementation of Unix crypt you mentioned is rather slow.

Here is a standalone lightweight and pretty efficient implementation of crypt(3) written in C# that leverages Span<T> type to hold and transform data.

roxton
  • 1,446
  • 10
  • 9
2

Both traditional and extended DES crypt salting permute the result of the expansion function. For every bit i set in the salt, they swap bits i and i+24 of the expansion function result.

Because this occurs mid-round, unless the salt is zero (meaning no permutation occurs), it is not possible to use the framework cryptography.

Still, reimplementing DES doesn't take more than a kilobyte or two. My CryptSharp library implements traditional and extended DES, MD5, SHA256, SHA512, and bcrypt algorithms. For the MD5 and both SHA crypt methods (methods $1$, $5$, and $6$), it uses the framework cryptography. If you aren't bound to using the DES crypt method, take a look at ShaCrypter.cs -- it's fairly short.

James
  • 1,874
  • 1
  • 16
  • 18
  • Well done with CryptSharp. I just wish it was a bit faster. I guess that's the .net framework kicking in. I ran jtr (john the ripper) on the same machine with much much higher performance. – Robert Cutajar Jun 20 '14 at 10:32
  • I tried to use CryptSharp `Crypter.TraditionalDes.Crypt(pwd,salt);`. I need to use a 4 digit salt but it says "Invalid salt." - what are the requirements for the salt? – mike nelson Jun 22 '23 at 00:19