Shadow-openssl is still the next major thing I'd like to get finished. The design is a bit of a problem though. I found "postgresql-8.2.4/contrib/pgcrypto". The libpgcrypto.so library is a password library for OpenSSL. It supports blowfish, aes, 3des, etc, and readily supports new hashes that may be added to OpenSSL. This library is pretty much what I was building into Shadow a few months ago.

pgcrypto also supports pgp/gnupg, which might be neat to have because it's fairly universal (Linux, bsd, macos, windows).

OpenSSL doesn't generate usable passwords on its own. It needs application code to handle iterations, salt, etc.

libpgcrypto.so could be left standalone. It could be used to replace libcrypt.so from libc. It could be built into shadow, but then every application would also need this done. Or it could be built into OpenSSL's libcrypto.so. Replacing libcrypt.so with libpgcrypto.so, and linking libcrypt.so to OpenSSL's libcrypto.so (for md5, des, sha*, aes) looks like the best choice. It's the easiest one to maintain. libpgcrypto.so is 104Kb stripped.

Ruby also has a password module which depends on OpenSSL, but it's written in Ruby, so I don't know how to use it. Maybe there's a better way, but so far the pgcrypto library looks like the best way.

I also found pwutils, and cpu (change password utility), busybox too, which are sort of replacements for Shadow's utilities, but one thing at a time.

robert
