OpenSSL libcrypto/libcrypt

Robert Connolly robert at linuxfromscratch.org
Tue May 1 10:29:26 PDT 2007


hmac-sha1 is now using getpid() for iteration counts:
http://www.linuxfromscratch.org/~robert/new/shadow-openssl/shadow-4.0.4.1-openssl.diff9

The iteration count doesn't have to be random, just different. The password 
string contains the iteration number, so randomness does very little good. It 
is different with each new password just so folks won't be able to use a 
pre-generated crack dictionary, and they'll need a new dictionary for each 
password hash.

I got sha512 working, but without copying identical code with different 
#define's I need to fix makefile.am to build the same file twice with 
different cppflags, and doing the autotools comes last.

This patch uses arc4random() for password salt, for the moment.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20070501/504189d4/attachment.sig>


More information about the hlfs-dev mailing list