NetBSD's libcrypt ported to OpenSSL and Linux (including tests/examples): http://www.linuxfromscratch.org/~robert/new/shadow-openssl/libcrypt-ssl-20070901/
hmac-sha1, md5, and bcrypt work. bcrypt is internal, I can't see how to use any blowfish functions from OpenSSL. I'd love to use the Blowfish from OpenSSL, not only for better performance but so this libcrypt package wouldn't contain any algorithms (see European cryptography laws). The bcrypt code in libxcrypt, pgcrypto, Owl-bcrypt, is all based on the same source, but the pgcrypto variation is slightly closer to OpenSSL compatible. So it might still be possible to get the heart of the bcrypt routines from OpenSSL. Functions are: crypt_sha1(password, salt) crypt_md5(password, salt) __bcrypt(password, salt) pw_gensalt(salt_buffer, salt_length, algorithm, iterations) pw_gensalt depends on arc4random(3). Using OpenSSL's RAND_bytes(3) is probably a better idea. /usr/bin/*sum can use OpenSSL's libcrypto directly, because they don't use salts or iterations. I think this is the most sensible solution. libpgcrypto depends on postgresql, and supports unneeded database encryption. I also think if this library is cleaned up a bit more, then OpenSSL.org might consider adding it to their demos/ directory. The default crypt can also be changed from des to something else, so crypt() defaults to sha[x], or blowfish, and creates the random salt transparently. There should be an easy way to make this optional. robert
pgpEjNeXxgXWE.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
