DragonFly BSD
DragonFly commits List (threaded) for 2012-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

git: crypt(3) - Switch SHA256/512 to the Linux implementation


From: Samuel Greear <sjg@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 20 Jan 2012 05:13:17 -0800 (PST)

commit d8ee3b5d2d9ba12d8978a47bccb8e3945f96ea08
Author: Samuel J. Greear <sjg@thesjg.com>
Date:   Fri Jan 20 05:24:33 2012 -0700

    crypt(3) - Switch SHA256/512 to the Linux implementation
    
    * The existing SHA backends have been shown to be more susceptible to brute-
      force attacks than we would prefer --
      http://www.openwall.com/lists/oss-security/2012/01/16/2
    
    * Bring in the reference implementation used in Linux, code is in the public
      domain.
    
    * Add required (standard) functions mempcpy and stpcpy.
    
    * Change default for future installs to SHA512, this is the default on at
      least archlinux and fedora.
    
    * Add some minor hacks to libcrypt/crypt.c to ensure that
      a) All existing passwords continue to work
      b) All future passwords will be more secure with no changes required
    
    * To update passwords to the new format use passwd(1) for each user, and to
      change your default password type to SHA512 (default for new installations)
      change the passwd_format setting under default to "sha512".

Summary of changes:
 etc/login.conf                         |    2 +-
 include/string.h                       |    6 +-
 lib/libc/string/Makefile.inc           |   11 +-
 lib/libc/string/memcpy.3               |   13 +-
 lib/libc/string/mempcpy.c              |   44 ++
 lib/libc/string/stpncpy.c              |   44 ++
 lib/libc/string/strcpy.3               |   38 +-
 lib/libcrypt/Makefile                  |    8 +-
 lib/libcrypt/crypt-sha256.c            |  828 ++++++++++++++++++++++++++----
 lib/libcrypt/crypt-sha512.c            |  883 ++++++++++++++++++++++++++++----
 lib/libcrypt/crypt.c                   |   32 +-
 lib/libcrypt/crypt.h                   |    8 +-
 lib/libcrypt/deprecated-crypt-sha256.c |  122 +++++
 lib/libcrypt/deprecated-crypt-sha512.c |  110 ++++
 14 files changed, 1903 insertions(+), 246 deletions(-)
 create mode 100644 lib/libc/string/mempcpy.c
 create mode 100644 lib/libc/string/stpncpy.c
 create mode 100644 lib/libcrypt/deprecated-crypt-sha256.c
 create mode 100644 lib/libcrypt/deprecated-crypt-sha512.c

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/d8ee3b5d2d9ba12d8978a47bccb8e3945f96ea08


-- 
DragonFly BSD source repository



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]