crypt()

Hashes the text passed to it.

Synopsis

string crypt(string text [, int isVersion = 2 [, int iterations = 0]]);

Parameters

Parameter   Meaning

text        Text to be encrypted.

isVersion   Defines the format of the encrypted text:

  • 1 = first generation hash format
  • 2 = second generation hash format (default)
  • 3 = third generation hash format
  • 4 = fourth generation hash format
  • -1 = the latest state-of-the-art format is used

  Important: The formats 1, 2 and 3 are deprecated.

  The crypt() function automatically downgrades to the maximum permitted version. So if the config entry limitCryptVersion=3 is set in the [general] section, then crypt("pwd", 4) generates the same hash format as crypt("pwd", 3).

iterations  Only used for formats 3 and 4. The default value is 100000.

Return Value

The return value is a string which consists of printable ASCII characters.

  • isVersion = 1: returns a string with 11 characters.
  • isVersion = 2: returns a string with 12 characters.
  • isVersion = 3: returns a string with 61 characters.
  • With isVersion = 1, the function always returns the same value for the same input text.
  • With isVersion = 2, the function always returns the same value for the same input text.
  • With isVersion = 3, the function may return different values when it is called several times with the same input text.
  • If OpenSSL is not available, an alarm message appears when crypt(text,3) is called, and a second generation hash is produced instead.
  • isVersion = 3 is the PKCS #5-compliant password hashing of the crypt function. It returns a different hash each time crypt() is called, even for the same string.
  • isVersion = 4 is the PKCS #5-compliant password hashing of the crypt function. It returns a different hash each time crypt() is called, even for the same string. The algorithm is SHA256, and the salt and result length are 32 bytes each. The overall length of the result is 111.

Description

The crypt() function hashes the transmitted text. For versions 1 and 2 (deprecated!), a maximum of 63 characters are taken into account and processing is carried out according to the "Proposed Federal Information Processing Data Encryption Standard" (DES).

For versions 3 and 4, the text length limit is 2000000000 (2 GB). Processing is carried out using PBKDF2 ("Password-Based Key Derivation Function 2") of the "Public-Key Cryptography Standards of RSA-Laboratories".

Version 3 implements the algorithm with SHA1 hashing.

Version 4 implements the algorithm with SHA256 hashing.

crypt() is used in WinCC OA for hashing passwords and similar cases. The user passwords are stored in the database in hashed form. To check their validity, you need the corresponding function checkCrypt (compares plain text password with hashed value) or checkPassword (compares plain text password with user-related information).

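main()
{
  string passw;
  // Format 3 (deprecated): PBKDF2 with SHA1, 61 characters, salted
  passw = crypt("MYPERSONALPASSWORT", 3);
  DebugN(passw);
  // Format 2 (deprecated): 12 characters, same output for the same input
  passw = crypt("MYPERSONALPASSWORT", 2);
  DebugN(passw);
  // Format 1 (deprecated): 11 characters, same output for the same input
  passw = crypt("MYPERSONALPASSWORT", 1);
  DebugN(passw);
}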

The following example hashes the text with version 4, which implements the algorithm with SHA256 hashing.

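main(mapping event)
{
  int iter;            // passed as the iterations argument; not assigned before the call
  string retHashedPw;
  // Format 4: PBKDF2 with SHA256
  retHashedPw = crypt("MYPERSONALPASSWORT", 4, iter);
  DebugN(retHashedPw);
}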

The output of the code:

WCCOAui1:["#PBKDF2#SHA256#HkaZGGPHz9wpTDnUjhtk5oE7yqGjHIUc1NMt6wiGcIM=#1#09SidkUuc7ljj+F5Ewgp1gnRXhD5A2ajLIa3QNlYn9Q="]
Table 1. The output format of the function

Part     Content       Value
part 1   function      "PBKDF2"
part 2   algorithm     "SHA256"
part 3   salt          (32 bytes)
part 4   iterations
part 5   hash result   (32 bytes)

For format details, see also Wikipedia.
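
An added example, not part of the WinCC OA documentation or product code: a Python sketch that parses the version 4 layout from Table 1, flags stored values using the lengths and default iteration count documented on this page, and builds and verifies strings in the same layout. The function names, the UTF-8 password encoding and the use of the raw decoded salt are assumptions; the page does not state how WinCC OA feeds these into PBKDF2, so compatibility with checkCrypt is not claimed.

```python
import base64, hashlib, hmac, os

# Sample copied from this page's output (inner string only); it carries iterations = 1.
PAGE_SAMPLE = ("#PBKDF2#SHA256#HkaZGGPHz9wpTDnUjhtk5oE7yqGjHIUc1NMt6wiGcIM="
               "#1#09SidkUuc7ljj+F5Ewgp1gnRXhD5A2ajLIa3QNlYn9Q=")
MIN_ITERATIONS = 100000  # assumption: audit floor set to the documented default

def parse_v4(stored):
    """Split '#PBKDF2#SHA256#<salt>#<iterations>#<hash>' and validate each part."""
    parts = stored.split("#")
    if len(parts) != 6 or parts[:3] != ["", "PBKDF2", "SHA256"]:
        raise ValueError("not a version 4 hash string")
    salt = base64.b64decode(parts[3], validate=True)
    digest = base64.b64decode(parts[5], validate=True)
    if len(salt) != 32 or len(digest) != 32:
        raise ValueError("salt and hash result must be 32 bytes each")
    if not (parts[4].isascii() and parts[4].isdigit()) or int(parts[4]) < 1:
        raise ValueError("iterations must be a positive integer")
    return salt, int(parts[4]), digest

def derive(password, salt, iterations):
    # Assumption: UTF-8 password bytes and the raw decoded salt are the PBKDF2 inputs.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, 32)

def make_v4(password, iterations=MIN_ITERATIONS):
    """Build a string in the same layout with a fresh random 32-byte salt."""
    salt = os.urandom(32)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"#PBKDF2#SHA256#{b64(salt)}#{iterations}#{b64(derive(password, salt, iterations))}"

def verify(password, stored):
    """Recompute the hash from the stored salt and iterations; constant-time compare."""
    salt, iterations, digest = parse_v4(stored)
    return hmac.compare_digest(derive(password, salt, iterations), digest)

def audit(stored):
    """Return findings for one stored value, using the lengths this page documents."""
    legacy = {11: 1, 12: 2, 61: 3}.get(len(stored))  # length heuristic only
    if not stored.startswith("#PBKDF2#SHA256#"):
        return [f"deprecated format {legacy}" if legacy else "unrecognised format"]
    iterations = parse_v4(stored)[1]
    return [f"iterations {iterations} below {MIN_ITERATIONS}"] if iterations < MIN_ITERATIONS else []

if __name__ == "__main__":
    print(audit(PAGE_SAMPLE))
    fresh = make_v4("constructed-sample-password")  # constructed input
    print(len(fresh), audit(fresh), verify("constructed-sample-password", fresh))
```

With the default of 100000 iterations the string is 111 characters long, matching the overall length stated above; the page's sample is shorter because its iterations field is a single digit.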

Assignment

Miscellaneous functions

Availability

CTRL