FWIW, in Ubuntu 20.04 a bcrypt hash generated with -B in the provided
htpasswd (that uses their own implementation), can be used by crypt(3):
$ perl -e 'print crypt("cvspassword",
"\$2y\$05\$xGcVN3jyU43rgH/jtc0mG.wMEYmvXBjdZtBc5R1jFYD83aaOTWiqa"), "\n"'
$2y$05$xGcVN3jyU43rgH/jtc0mG.wMEYmvXBjd
Has there been any progress on this more than five year old topic?
The glibc of the long time supported 18.04.3 LTS still has no support for
BLF-CRYPT. I saw that from debian-side blowfish is still not supported but some
distros add it by themselves. Why not ubuntu?
--
You received this bug not
Please ignore my last comment. bcrypt is undoubtedly better than a
single round of SHA512 as a password hash (what I was on about), but
SHA512 is not the same thing as the multiple rounds used in SHA512-CRYPT
that's in libc and in Ulrich's paper.
--
You received this bug notification because you
For password hashing, bcrypt *is* better, by design. There's absolutely
no ambiguity here, the consensus is fully in favour of bcrypt. Hashes
like SHA512 are general purpose, designed to run really fast, whereas
bcrypt is explicitly for secure hashing and is deliberately, tuneably
slow. There are m
Alright, sorry for my rudeness and impatience. Granted, I am not
familiar with how these things are usually handled around here. I am
aware this is mainly an upstream issue, but from crypt(3)'s man page I
assumed distros are the ones who choose whether to implement Blowfish
support.
To quote the m
** Changed in: glibc (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1349252
Title:
crypt(3) lacks Blowfish support
Status in “glibc” packag
On 28 July 2014 15:02, Dan Quade <1349...@bugs.launchpad.net> wrote:
> Using sha-crypt is not a solution. Certain apps are built to use
> crypt(3) only and thus lack Blowfish support. You have 1 day to reopen
> this bug or I will make a new one.
>
In Ubuntu, we typically do not deviate from our up
Using sha-crypt is not a solution. Certain apps are built to use
crypt(3) only and thus lack Blowfish support. You have 1 day to reopen
this bug or I will make a new one.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
htt
http://www.akkadia.org/drepper/sha-crypt.html
Please use SHA-512 or SHA-256, available universally since 2.7.
** Changed in: glibc (Ubuntu)
Status: New => Won't Fix
** Changed in: glibc (Ubuntu)
Assignee: (unassigned) => Dimitri John Ledkov (xnox)
** Changed in: linux (Ubuntu)
Some potentially useful info on the topic: http://log.or.cz/?p=56
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1349252
Title:
crypt(3) lacks Blowfish support
Status in “glibc” package
10 matches
Mail list logo
