OpenSSL libcrypto/libcrypt

Robert Connolly robert at linuxfromscratch.org
Wed Aug 29 18:13:00 PDT 2007


Shadow-openssl is still the next major thing I'd like to get finished. The 
design is a bit of a problem though. I found 
"postgresql-8.2.4/contrib/pgcrypto". The libpgcrypto.so library is a 
password library for OpenSSL. It supports blowfish, aes, 3des, etc, and 
readily supports new hashes that may be added to OpenSSL. This library is 
pretty much what I was building into Shadow a few months ago.

pgcrypto also supports pgp/gnupg, which might be neat to have because it's 
fairly universal (Linux, bsd, macos, windows).

OpenSSL doesn't generate usable passwords on its own. It needs application 
code to handle iterations, salt, etc.

libpgcrypto.so could be left standalone. It could be used to replace 
libcrypt.so from libc. It could be built into shadow, but then every 
application would also need this done. Or it could be built into OpenSSL's 
libcrypto.so.

Replacing libcrypt.so with libpgcrypto.so, and linking libcrypt.so to 
OpenSSL's libcrypto.so (for md5, des, sha*, aes) looks like the best choice. 
It's the easiest one to maintain. libpgcrypto.so is 104Kb stripped.

Ruby also has a password module which depends on OpenSSL, but it's written in 
Ruby, so I don't know how to use it.

Maybe there's a better way, but so far the pgcrypto library looks like the 
best way.

I also found pwutils, and cpu (change password utility), busybox too, which 
are sort of replacements for Shadow's utilities, but one thing at a time.

robert
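
Added example, not part of the original post and not code from Shadow, pgcrypto or OpenSSL: a sketch of the application-side layer the message says a raw hash primitive needs (per-password salt, iteration count, a self-describing storage string, constant-time verification). It uses Python's hashlib, which is normally built on OpenSSL; the `$scheme$iterations$salt$digest` layout, the scheme label and the iteration count are assumptions made for illustration, not the crypt(3) or pgcrypto format.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2-sha256"     # label invented for this example
ITERATIONS = 200_000         # assumed work factor; tune for the target hardware
MAX_ITERATIONS = 10_000_000  # refuse absurd counts found in a stored string
SALT_BYTES = 16


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return '$scheme$iterations$salt$digest' ready to store."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return "${}${}${}${}".format(SCHEME, iterations, _b64(salt), _b64(digest))


def verify_password(password, stored):
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        # A well-formed string splits into an empty lead field plus four parts.
        _, scheme, count, salt_b64, digest_b64 = stored.split("$")
        iterations = int(count)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, bad integer or bad base64
        return False
    if scheme != SCHEME or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse")  # constructed sample password
    print(record)
    print(verify_password("correct horse", record), verify_password("nope", record))
```

Storing the scheme and iteration count inside the string is what lets the work factor be raised later without invalidating existing entries.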

More information about the hlfs-dev mailing list