Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: x/crypto: add crypt(3) password hash algorithms #14274

Open
danderson opened this issue Feb 9, 2016 · 8 comments
Open

proposal: x/crypto: add crypt(3) password hash algorithms #14274

danderson opened this issue Feb 9, 2016 · 8 comments

Comments

@danderson
Copy link

@danderson danderson commented Feb 9, 2016

I'm writing code that has to generate crypt(3) compatible password hashes, for installation in /etc/shadow. A Google search for a library currently offers two abandoned github repositories, at least one of which is unsafe (ignores returned errors in the crypto logic), and a stack overflow answer that uses cgo to wrap libcrypt.

I'd like to propose adding solid Go implementations of the more common crypt(3) algorithms to x/crypto. Specifically, I'd like to have support for the ${1,5,6}$ algorithms (resp. MD5, SHA256, SHA512), as well as the older DES-based algorithm for universality. The package documentation should include a recommendation against using the crypt(3) algorithms unless compatibility with crypt(3)-using code is necessary, since there exist much better KDFs already in x/crypto if you're working with a clean slate.

If this sounds reasonable, I'm volunteering to provide the implementation.

@ianlancetaylor ianlancetaylor changed the title Proposal: add crypt(3) algorithms to x/crypto x/crypto: proposal: add crypt(3) algorithms to x/crypto Feb 9, 2016
@ianlancetaylor ianlancetaylor added this to the Proposal milestone Feb 9, 2016
@ianlancetaylor
Copy link
Contributor

@ianlancetaylor ianlancetaylor commented Feb 9, 2016

Seems reasonable to me, but CC @agl.

@rsc rsc changed the title x/crypto: proposal: add crypt(3) algorithms to x/crypto proposal: x/crypto: add crypt(3) password hash algorithms Feb 9, 2016
@danderson
Copy link
Author

@danderson danderson commented Feb 13, 2016

Ping @agl , does this sound like something you'd accept if I send patches?

@danderson
Copy link
Author

@danderson danderson commented Mar 24, 2016

Ping.

@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Mar 25, 2016

With suitable documentation as you mentioned, this sounds reasonable. Feel free to send a CL.

If if it turns out @agl later objects passionately, you can put it under go4.org if you want to give it a non-github import path.

@adg adg modified the milestones: Unreleased, Proposal Aug 15, 2016
@eikenb
Copy link

@eikenb eikenb commented Nov 7, 2018

@danderson Any progress on this? I'm currently using a libpam wrapper but would much prefer a native implementation.

@stapelberg
Copy link
Contributor

@stapelberg stapelberg commented Jan 3, 2019

Note that in the meantime, https://github.com/GehirnInc/crypt has appeared.

@stapelberg
Copy link
Contributor

@stapelberg stapelberg commented Jan 3, 2019

There’s another copy of what seems to be largely the same code at https://github.com/tredoe/osutil/tree/master/user/crypt and https://github.com/ncw/pwhash.

I’d say it makes sense to provide a canonical implementation in x/crypto :)

@protosam
Copy link

@protosam protosam commented Jan 24, 2019

I would like to see this added as well. I'm working on a libnss passwd/group/shadow module that stores users in etcd. Being able to build the hash withouth using a non-standard library or manually writing my own tool kit would be stellar.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
8 participants
You can’t perform that action at this time.