[ 
https://issues.apache.org/jira/browse/CODEC-133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Christian Hammers updated CODEC-133:
------------------------------------

    Attachment: crypt3-with-utexas-licence.diff

This is a patch against svn trunk version 1241181. It includes the necessary 
new classes as well as tests:

M       src/main/java/org/apache/commons/codec/digest/DigestUtils.java
A       src/main/java/org/apache/commons/codec/digest/Md5Crypt.java
M       src/main/java/org/apache/commons/codec/digest/package.html
A       src/main/java/org/apache/commons/codec/digest/README.WORK
A       src/main/java/org/apache/commons/codec/digest/Sha256Crypt.java
A       src/main/java/org/apache/commons/codec/digest/Sha512Crypt.java
A       src/main/java/org/apache/commons/codec/digest/UnixCrypt.java
M       src/test/java/org/apache/commons/codec/digest/DigestUtilsTest.java
A       src/test/java/org/apache/commons/codec/digest/Md5CryptTest.java
A       src/test/java/org/apache/commons/codec/digest/Sha256CryptTest.java
A       src/test/java/org/apache/commons/codec/digest/Sha512CryptTest.java
A       src/test/java/org/apache/commons/codec/digest/UnixCryptTest.java

README.WORK contains some notes to the reviewer and should be deleted then.

The files already include the Apache license text but the original utexas 
copyright notice is still left. I leave it for you to sort out the legal stuff 
with Jonathan Abbey.
                
> Please add a function for the MD5/SHA1/SHA-512 based Unix crypt(3) hash 
> variants
> --------------------------------------------------------------------------------
>
>                 Key: CODEC-133
>                 URL: https://issues.apache.org/jira/browse/CODEC-133
>             Project: Commons Codec
>          Issue Type: New Feature
>    Affects Versions: 1.6
>            Reporter: Christian Hammers
>              Labels: MD5, SHA-512, crypt(3), crypto, hash
>         Attachments: crypt3-with-utexas-licence.diff
>
>
> The Linux libc6 crypt(3) function, which is used to generate e.g. the 
> password hashes in /etc/shadow, is available in nearly all other programming 
> languages (Perl, PHP, Python, C, C++, ...) and databases like MySQL and 
> offers MD5/SHA1/SHA-512 based algorithms that were improved by adding a salt 
> and several iterations to make rainbow table attacks harder. Thus they are 
> widely used to store user passwords.
> Java, though, due to its platform independence, has no direct access to the 
> libc functions and still lacks a proper port of the crypt(3) function.
> I already filed a wishlist bug (CODEC-104) for the traditional 56-bit DES 
> based crypt(3) method but would also like to see the much stronger algorithms.
> There are other bug reports like DIRSTUDIO-738 that demand those crypt 
> variants for some specific applications so it would benefit other 
> Apache projects as well.
> Java ports of most of the specific crypt variants are already existing, but 
> they would have to be cleaned up, properly tested and license checked:
> ftp://ftp.arlut.utexas.edu/pub/java_hashes/ 
> I would be willing to help here by cleaning the source code and writing unit 
> tests etc. but I'd like to generally know if you are interested and if 
> there's someone who can do a code review (it's security relevant after all 
> and I'm no crypto guy)
> bye,
> -christian-

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
