[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Making Linux use Blowfish for passwd/shadow encryption



On Thu, Sep 25, Solar Designer wrote:

> On Thu, Sep 25, 2003 at 08:14:51PM +0200, Thorsten Kukuk wrote:
> > On Wed, Sep 24, Ethan Benson wrote:
> > > On Wed, Sep 24, 2003 at 06:34:58PM +0400, Solar Designer wrote:> On Wed, Sep 24, 2003 at 06:34:58PM +0400, Solar Designer wrote:
> > 
> > > > 	http://www.openwall.com/crypt/
> > > > 	http://www.openwall.com/tcb/
> > > 
> > > is there any particular reason more distros haven't adopted these
> > > patches?  all the major players already distribute strong crypto so
> > > that can't be the reason...
> > 
> > SuSE Linux has it since 8.0.
> 
> I didn't know, thank you!  I've updated the web page to mention that.
> Does this describe your use of bcrypt password hashing correctly, --
> 
>    crypt_blowfish is fully integrated into Owl and distributions by
>    ALT Linux team, as the default password hashing scheme. It is a
>    part of the glibc package on ASPLinux and SuSE.

... and SuSE Linux.

Not only SuSE.

> I've downloaded glibc-2.3.2-6.src.rpm from SuSE 8.2 and looked at it
> briefly.  I notice that you disable the x86 assembly code in
> crypt_blowfish, why?  There was a thread-safety problem in that code
> which has since been corrected, so you could want to update to
> crypt_blowfish 0.4.5 and re-enable that code:

We had massive problems with this, but I don't remember what it was
anymore. It had something to do with the toolchain. I will enable it
again and make same tests.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk suse de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]