blowfish encryption in lfs

Frederick Grim fgrim at norby.dyndns.org
Wed Feb 19 11:07:36 PST 2003


Howdy all,

  Okay, I have a reasonable set of patches now.  I have ported owl's blowfish patch to
shadow and glibc to lfs cvs.  I have included three patches for your amusement.  The first
is to glibc-2.3.1, the second is to shadow, and the third is to the man pages.  The glibc
patch adds the blowfish scheme (from Niels Provos's bcrypt in OpenBSD-NetBSD) to the crypt
directory.  The manpage patch documents these changed routines.  The final patch to shadow
allows shadowed passwords to get the bf hash.  As of right now pam support is not ready... I
would like to make sure these patches all work with everyone.  That means if you compile
with pam support you probably won't be able to login.  I have included a copy of my
login.defs in the tarball as an example.  I also wrote some documentation that the owl
stuff seems to be missing for the login.defs man page.  So patch away, compile, and then
before trying to login type passwd at the prompt and change your password.  You can check
on the algo by looking at /etc/shadow; the password field for a user should look something
like

user_foo:$2a$12$ynJMLbSxCMmK/n8sYZLWtee.5pbTZb.AMlAqavKtK8ND8Ftm6YoDS:12102:0:99999:7:::

Now why go through all this, you might ask?  Well, for one, you have a bit finer-grained
control over the hashing stuff.  The shadow patch allows you to specify the minimum and
maximum number of bytes of salt as well as the algorithm.  So md5 hashes or even des can
still be used if you so desire.  You can also specify the number of rounds of torture to
feed your password.

I would like everyone's feedback if possible.  I would like to get the pam stuff working if
it seems that others want this.  Enjoy

Fred

-- 
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo
16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
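
Added example, not part of the post or of the patches it announces: a small checker for the /etc/shadow inspection step described in the message. It parses the password field, tells bcrypt ($2a$), md5 ($1$) and traditional des entries apart, and reports the bcrypt cost. The function names and the min_cost threshold of 12 (taken from the sample line's cost) are assumptions made for this illustration.

```python
import re

B64 = r"[./A-Za-z0-9]"  # alphabet shared by bcrypt and traditional crypt(3) output
# bcrypt field: $2a$<two-digit cost>$<22-char salt><31-char hash>
BCRYPT = re.compile(rf"^\$2[abxy]?\$(\d\d)\${B64}{{22}}{B64}{{31}}$")

def classify(field):
    """Return (scheme, cost) for the password field of a shadow entry."""
    if field == "" or field[0] in "!*":
        return ("locked-or-empty", None)
    m = BCRYPT.match(field)
    if m and 4 <= int(m.group(1)) <= 31:   # cost is log2 of the round count
        return ("bcrypt", int(m.group(1)))
    if field.startswith("$2"):
        return ("malformed-bcrypt", None)  # truncated field or out-of-range cost
    if field.startswith("$1$"):
        return ("md5", None)
    if re.fullmatch(rf"{B64}{{13}}", field):
        return ("des", None)
    return ("unknown", None)

def audit(shadow_text, min_cost=12):
    """List (user, scheme, cost, ok); ok means bcrypt at or above min_cost (assumed policy)."""
    rows = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        scheme, cost = classify(parts[1])
        rows.append((parts[0], scheme, cost, scheme == "bcrypt" and cost >= min_cost))
    return rows

# First entry is the line from the post; the rest are constructed, not real hashes.
SAMPLE = """\
user_foo:$2a$12$ynJMLbSxCMmK/n8sYZLWtee.5pbTZb.AMlAqavKtK8ND8Ftm6YoDS:12102:0:99999:7:::
user_low:$2a$05$ynJMLbSxCMmK/n8sYZLWtee.5pbTZb.AMlAqavKtK8ND8Ftm6YoDS:12102:0:99999:7:::
user_md5:$1$abcdefgh$0123456789abcdefghijkl:12102:0:99999:7:::
user_des:ab0123456789.:12102:0:99999:7:::
user_cut:$2a$12$ynJMLbSxCMmK:12102:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, cost, ok in audit(SAMPLE):
        print(f"{user:10} {scheme:17} cost={cost} {'ok' if ok else 'REVIEW'}")
```

Entries flagged REVIEW are the ones whose owners have not yet re-run passwd after the patched shadow was installed, or whose configured round count is below the chosen threshold.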