Shadow 4.1 series

Robert Connolly robert at linuxfromscratch.org
Thu Aug 7 18:03:19 PDT 2008


On Thursday August 7 2008 08:18:28 pm Kevin Day wrote:
> On Thu, Aug 7, 2008 at 7:00 PM, Robert Connolly
> <robert at linuxfromscratch.org> wrote:
> > On Friday August 1 2008 01:32:03 pm Kevin Day wrote:
> >> The shadow 4.1.* series at long last added decent encryption
> >> techniques, namely AES.
> >> However, I did not see mention of the Blowfish algorithm making its way
> >> in.
> >>
> >> Are the shadow blowfish (owl) patches going to be converted or have
> >> they already been prepared for the 4.1 series?
> >>
> >> If neither, then perhaps at some point I will look into doing the patch
> >> myself.
> >>
> >> --
> >> Kevin Day
> >
> > I think you mean SHA512. I don't see AES support in Shadow-utils.
> >
> > robert
>
> You are correct, I cannot seem to find aes either.
> Perhaps I dreamed it up while I was sleeping.
>
> Anyway, I am going to make a request for Blowfish inclusion.
>
> There was some request before, but it was not accepted (nor shot down)
> due to them not knowing whether people would want it.  So I shall
> attempt to explain that there are people who do want blowfish in
> shadow.
>
> http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2008-May/006622.html
> http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2008-May/006621.html
>
>
> As an FYI, I am starting to reach a saturation point in mailing lists
> and am starting to forget which mailing list I am talking on. So,
> here's a heads-up apology for any upcoming send to the wrong mailing
> list that is probably going to happen.
>
> --
> Kevin Day

I still think the ideal solution to this is adding openssl support to shadow. 
Openssl is the best candidate for a crypto library for shadow. I more or less 
had it working with old shadow versions, with md5 and sha*, at:
http://www.linuxfromscratch.org/~robert/new/shadow-openssl/

Bcrypt passwords use an adaptation of blowfish, and so bcrypt passwords can't 
be generated by openssl, unless they add it. The current Glibc staff have 
completely rejected bcrypt. Openssl might accept a patch for it.

I'm confident that the shadow team would accept a patch for openssl support of 
des, md5 and sha*, and that would be enough to get the ball rolling for 
others to add the additional algorithms, like aes.

robert

More information about the hlfs-dev mailing list