robert at linuxfromscratch.org
Fri Aug 31 21:50:11 PDT 2007
NetBSD's libcrypt ported to OpenSSL and Linux (including tests/examples):
hmac-sha1, md5, and bcrypt work. bcrypt is internal, I can't see how to use
any blowfish functions from OpenSSL. I'd love to use the Blowfish from
OpenSSL, not only for better performance but so this libcrypt package
wouldn't contain any algorithms (see European cryptography laws). The bcrypt
code in libxcrypt, pgcrypto, Owl-bcrypt, is all based on the same source, but
the pgcrypto variation is slightly closer to OpenSSL compatible. So it might
still be possible to get the heart of the bcrypt routines from OpenSSL.
pw_gensalt(salt_buffer, salt_length, algorithm, iterations)
pw_gensalt depends on arc4random(3). Using OpenSSL's RAND_bytes(3) is probably
a better idea.
/usr/bin/*sum can use OpenSSL's libcrypto directly, because they don't use
salts or iterations.
I think this is the most sensible solution. libpgcrypto depends on postgresql,
and supports unneeded database encryption. I also think if this library is
cleaned up a bit more, then OpenSSL.org might consider adding it to their
The default crypt can also be changed from des to something else, so crypt()
defaults to sha[x], or blowfish, and creates the random salt transparently.
There should be an easy way to make this optional.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the hlfs-dev