robert at linuxfromscratch.org
Wed Aug 29 18:13:00 PDT 2007
Shadow-openssl is still the next major thing I'd like to get finished. The
design is a bit of a problem though. I
found "postgresql-8.2.4/contrib/pgcrypto". The libpgcrypto.so library is a
password library for OpenSSL. It supports blowfish, aes, 3des, etc, and
readily supports new hashes that may be added to OpenSSL. This library is
pretty much what I was building into Shadow a few months ago.
pgcrypto also supports pgp/gnupg, which might be neat to have because it's
fairly universal (Linux, bsd, macos, windows).
OpenSSL doesn't generate usable passwords on its own. It needs application
code to handle iterations, salt, etc.
libpgcrypto.so could be left standalone. It could be used to replace
libcrypt.so from libc. It could be built into shadow, but then every
application would also need this done. Or it could be built into OpenSSL's
Replacing libcrypt.so with libpgcrypto.so, and linking libcrypt.so to
OpenSSL's libcrypto.so (for md5, des, sha*, aes) looks like the best choice.
It's the easiest one to maintain. libpgcrypto.so is 104Kb stripped.
Ruby also has a password module which depends on OpenSSL, but it's written in
Ruby, so I don't know how to use it.
Maybe there's a better way, but so far the pgcrypto library looks like the
I also found pwutils, and cpu (change password utility), busybox too, which
are sort of replacements for Shadow's utilities, but one thing at a time.
More information about the hlfs-dev
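
The point in the message about OpenSSL needing application code for salt and iterations, shown as an added example that is not part of the original post and is not pgcrypto's or Shadow's code. PBKDF2-HMAC-SHA256 from Python's OpenSSL-backed hashlib stands in for the digest primitive; the scheme name, the `$`-separated field layout and the round limits are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "example-pbkdf2-sha256"  # constructed scheme id, not a real crypt(3) prefix
DEFAULT_ROUNDS = 200_000          # assumed work factor for this example
MAX_ROUNDS = 5_000_000            # refuse absurd counts read from a tampered entry


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def hash_password(password, salt=None, rounds=DEFAULT_ROUNDS):
    """Return "$scheme$rounds$salt$digest", a self-describing crypt()-style string."""
    if salt is None:
        salt = os.urandom(16)     # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return f"${SCHEME}${rounds}${_b64(salt)}${_b64(digest)}"


def verify_password(password, stored):
    """Re-derive with the stored salt and rounds; reject malformed or unknown entries."""
    try:
        empty, scheme, rounds_s, salt_b64, digest_b64 = stored.split("$")
        if empty != "" or scheme != SCHEME:
            return False
        rounds = int(rounds_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:            # wrong field count, bad integer, bad base64
        return False
    if not 1 <= rounds <= MAX_ROUNDS or not salt:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


if __name__ == "__main__":
    entry = hash_password("correct horse battery staple")  # constructed sample input
    print(entry)
    print(verify_password("correct horse battery staple", entry))
```

Because the salt and round count travel inside the stored string, the work factor can be raised for new passwords without invalidating existing entries.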