Hello! On Mon, Oct 09, 2017 at 08:44:07PM +0300, Leonid Evdokimov wrote:
> Hello! > > I'd like to see few more lines about SHA-2 support in glibc crypt() in > documentation. I've created small patch for nginx.org repo, it's > attached. > > -- > WBRBW, Leonid Evdokimov, xmpp:l...@darkk.net.ru http://darkk.net.ru > tel:+79816800702 > PGP: 6691 DE6B 4CCD C1C1 76A0 0D4A E1F2 A980 7F50 FAB2 > # HG changeset patch > # User Leonid Evdokimov <l...@darkk.net.ru> > # Date 1507567640 -10800 > # Mon Oct 09 19:47:20 2017 +0300 > # Node ID ef79dd801d1b7aedebd76c9e3a034b2009a34b78 > # Parent 2ac75347ed1af5a42d84e08edbe66f762676e668 > Mention that crypt() may support SHA-2 schemes as well > > diff -r 2ac75347ed1a -r ef79dd801d1b > xml/en/docs/http/ngx_http_auth_basic_module.xml > --- a/xml/en/docs/http/ngx_http_auth_basic_module.xml Mon Oct 09 18:14:23 > 2017 +0300 > +++ b/xml/en/docs/http/ngx_http_auth_basic_module.xml Mon Oct 09 19:47:20 > 2017 +0300 > @@ -97,6 +97,12 @@ > encrypted with the <c-func>crypt</c-func> function; can be generated using > the “<command>htpasswd</command>” utility from the Apache HTTP Server > distribution or the “<command>openssl passwd</command>” command; > +<note> > +<link url="https://en.wikipedia.org/wiki/GNU_C_Library">Glibc</link> > implementation of <c-func>crypt</c-func> > +also support salted SHA-256 and SHA-512 schemes (<literal>$5$</literal> и > <literal>$6$</literal>). > +These hashes may be generated using “<command>mkpasswd</command>” utlity > from “whois” package or following python one-liner: > +“<command>python2 -c 'import base64, os, crypt; print > crypt.crypt("P@ssw0rd", "$6$" + base64.b64encode(os.urandom(12), > altchars="./"))'</command>”. All crypt() schemes available on a particular OS are supported, and this is what is written in the above paragraph. It is not clear why to document $5$ and $6$ explicitly. (Also, it might not be a good idea to actually use $5$ and especially $6$ crypt schemes for web authentication, as crypt() is needed for each request, and these schemes are quite CPU intensive.) [...] -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel