NAME

crypt - Encrypt password using either the MD5 or the DES algorithm.

SYNOPSIS

crypt password ?salt?

DESCRIPTION

This command provides a pure Tcl solution for computing a DES encrypted password (the encryption used on most Un*x system to code the users passwords), together with MD5 password encryption. Computation of a DES password requires the des package, whereas MD5 password encryption relies on the digest package.

Selection between DES and MD5 algorithm is based on the salt parameter. MD5 is used if and only if salt starts with $1$.

NOTES

You may find this code useful if you wish , for example, to write in pure Tcl a frontend which have to compute and send to the backend such an encrypted password "from time to time" (that is not very often, typically only when a new connection is initialized). However, you will note that this implementation is particulary slow compared to its C equivalent, let alone compared to those "fcrypt" (fast crypt) implementations available (see benchmarks below). As a consequence, if your application requires many successive password encryptions, you will probably find this solution not viable, and will have to fall back to the most common (and easiest) solution, i.e. write a Tcl wrapper for a C implementation of the 'crypt' function (but then requiring compilation for each of the machine/OS your application will have to run on).

This code was originally written to preserve lisibility of the algorithm, by using high level data structures (list for example). However, this first implementation was too slow. To speed up things, the current implementation makes intensive use of 32 bits signed words. Together with an extensive use of the Tcl bytecode compiler, We got a very significant improvement compared to the initial version (about a factor 20). This is fast enough for the needs we had (computing a encrypted password only when a new session of our frontend is started), so we do not plan to make more effort for now to improve speed. It is possible (and even quite likely) that changing some data structures could lead to better performances. If you succeed in getting a significant improvement, without too much altering the code/algorithm readability, please let us know (support@evolane.fr).

BENCHMARKS

This table gives the average amounts of time (in seconds) per iteration, for 10 runs, to compute a encrypted password.

Version Tcl C.P.U. O.S. DES MD5
0.2 8.4 PIII-766Mhz Linux 2.4.19 0.077 0.489

This might help you to decide if this pure Tcl implementation is fast enough, or if the C implementation better suits your needs.

© 2000-2002 Evolane - all rights reserved.

© 2001-2002 Evolane - tous droits réservés. Pour toute remarque, envoyez un courrier électronique à webmaster@evolane.com