[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Making Linux use Blowfish for passwd/shadow encryption



On Thu, Sep 25, 2003 at 08:14:51PM +0200, Thorsten Kukuk wrote:
> On Wed, Sep 24, Ethan Benson wrote:
> > On Wed, Sep 24, 2003 at 06:34:58PM +0400, Solar Designer wrote:> On Wed, Sep 24, 2003 at 06:34:58PM +0400, Solar Designer wrote:
> 
> > > 	http://www.openwall.com/crypt/
> > > 	http://www.openwall.com/tcb/
> > 
> > is there any particular reason more distros haven't adopted these
> > patches?  all the major players already distribute strong crypto so
> > that can't be the reason...
> 
> SuSE Linux has it since 8.0.

I didn't know, thank you!  I've updated the web page to mention that.
Does this describe your use of bcrypt password hashing correctly, --

   crypt_blowfish is fully integrated into Owl and distributions by
   ALT Linux team, as the default password hashing scheme. It is a
   part of the glibc package on ASPLinux and SuSE.

I've downloaded glibc-2.3.2-6.src.rpm from SuSE 8.2 and looked at it
briefly.  I notice that you disable the x86 assembly code in
crypt_blowfish, why?  There was a thread-safety problem in that code
which has since been corrected, so you could want to update to
crypt_blowfish 0.4.5 and re-enable that code:

* Fri Nov 08 2002 Solar Designer <solar owl openwall com>
- Made the x86 assembly code in crypt_blowfish reentrant (this time for
real), added a test for proper operation with multiple threads, made
crypt_blowfish more careful about overwriting sensitive data.

-- 
Alexander




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]