New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Compile-time switch for disabling SUNMD5 hashes #7
Comments
ldv-alt
added a commit
to ldv-alt/libxcrypt
that referenced
this issue
Jun 30, 2018
Extend --enable-weak-hashes configure option to accept optional "glibc" parameter. When specified, it enables only those of weak hashes that are supported by historic versions of the GNU libc. Closes: besser82#7
ldv-alt
added a commit
to ldv-alt/libxcrypt
that referenced
this issue
Jun 30, 2018
Extend --enable-weak-hashes configure option to accept optional "glibc" parameter. When specified, it enables only those of weak hashes that are supported by historic versions of the GNU libc. Closes: besser82#7
zackw
added a commit
that referenced
this issue
Jul 10, 2018
This eliminates all CDDL-licensed code from the library, as requested in issue #7 because of GPL incompatibility. The new implementation was based exclusively on the prose description of the algorithm in the Passlib v1.7.1 documentation, which should be adequately arms-length for copyright purposes. (N.B. the lengthy quotation from _Hamlet_ is used as input to MD5, so it must remain byte-for-byte identical to achieve interoperability with the original; also, the play itself is in the public domain.) The new implementation is also fully deterministic (that is, its gensalt procedure draws randomness only from its rbytes argument) and does not call malloc.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The implementation is under the CDDL, which some of us consider inappropriate for a system library due to its GPL incompatibility.
The text was updated successfully, but these errors were encountered: