On 22 October 2011 21:58, Ed W <[email protected]> wrote: > Hi, I had a need for bsd style blowfish (bcrypt) and glibc style sha2, > crypt functions. > > The bcrypt code mostly comes from openwall and is included as standard > in Suse (and BSD). I have adapted it to remove the wrapper code. We > get re-entrant encryption entry points for free and I added a non > re-entrant point for uclibc (since we don't yet support re-entrant > calls). This function is useful for compatibility with various web > libraries which are increasingly encouraging developers to use strong > hashing techniques, with bcrypt being the current favourite. Why it's > useful is because many other applications such as Dovecot ask the libc > crypt function to generate the hash and compare with the value in the DB > - so adding this to your libc gives you automatic support in Dovecot and > your web admin interface can use strong hashes... > > Although bcrypt is most common in web toolkits, it uses the blowfish > encryption algorithm and some users are constrained to only use > "approved" hash functions. Therefore glibc added a similar repetitive > hash function (with a configurable number of repeated rounds to > deliberately burn CPU), but using the SHA2 hash. I haven't yet seen > support outside of the crypt function, but this is potentially a very > strong hash algorithm and I believe the default in many distros (?). > The patch attached is lifted almost directly from glibc. > > I found this page useful for generating hashes to test the uclibc crypt > function with these patches: > http://openwall.info/wiki/john/Generating-test-hashes > > Grateful for feedback on code style, etc and if necessary I can > re-submit in appropriate style?
Please provide bloat-o-meter output. I think that it would make sense to add a config-knob for both blowfish and sha256. As to the sha256 implementation, it uses nested functions and as such will fail to build for (ancient) c89/c90 only bootstrap compilers, so please note this fact in the help-text of the config entry. PS: please don't forget a Signed-off-by line when you resend. TIA and cheers, _______________________________________________ uClibc mailing list [email protected] http://lists.busybox.net/mailman/listinfo/uclibc
