Just a quick heads-up,

Please test this on a machine to which you have console access prior to
updating any remote machines to which your only means of access is ssh or
similar, or give this patch a couple of days to marinate to ensure nothing
was broken.

Best,
Sam

On Fri, Jan 20, 2012 at 6:13 AM, Samuel Greear <s...@crater.dragonflybsd.org> wrote:

>
> commit d8ee3b5d2d9ba12d8978a47bccb8e3945f96ea08
> Author: Samuel J. Greear <s...@thesjg.com>
> Date:   Fri Jan 20 05:24:33 2012 -0700
>
>    crypt(3) - Switch SHA256/512 to the Linux implementation
>
>    * The existing SHA backends have been shown to be more susceptible to
>      brute-force attacks than we would prefer --
>      http://www.openwall.com/lists/oss-security/2012/01/16/2
>      http://www.openwall.com/lists/oss-security/2012/01/16/2
>
>    * Bring in the reference implementation used in Linux, code is in the
>      public domain.
>
>    * Add required (standard) functions mempcpy and stpcpy.
>
>    * Change default for future installs to SHA512, this is the default on
>      at least archlinux and fedora.
>
>    * Add some minor hacks to libcrypt/crypt.c to ensure that
>      a) All existing passwords continue to work
>      b) All future passwords will be more secure with no changes required
>
>    * To update passwords to the new format use passwd(1) for each user,
>      and to change your default password type to SHA512 (default for new
>      installations) change the passwd_format setting under default to
>      "sha512".
>
> Summary of changes:
>  etc/login.conf                         |    2 +-
>  include/string.h                       |    6 +-
>  lib/libc/string/Makefile.inc           |   11 +-
>  lib/libc/string/memcpy.3               |   13 +-
>  lib/libc/string/mempcpy.c              |   44 ++
>  lib/libc/string/stpncpy.c              |   44 ++
>  lib/libc/string/strcpy.3               |   38 +-
>  lib/libcrypt/Makefile                  |    8 +-
>  lib/libcrypt/crypt-sha256.c            |  828 ++++++++++++++++++++++++++----
>  lib/libcrypt/crypt-sha512.c            |  883 ++++++++++++++++++++++++++++----
>  lib/libcrypt/crypt.c                   |   32 +-
>  lib/libcrypt/crypt.h                   |    8 +-
>  lib/libcrypt/deprecated-crypt-sha256.c |  122 +++++
>  lib/libcrypt/deprecated-crypt-sha512.c |  110 ++++
>  14 files changed, 1903 insertions(+), 246 deletions(-)
>  create mode 100644 lib/libc/string/mempcpy.c
>  create mode 100644 lib/libc/string/stpncpy.c
>  create mode 100644 lib/libcrypt/deprecated-crypt-sha256.c
>  create mode 100644 lib/libcrypt/deprecated-crypt-sha512.c
>
>
> http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/d8ee3b5d2d9ba12d8978a47bccb8e3945f96ea08
>
>
> --
> DragonFly BSD source repository
>
