proposal: x/crypto: add crypt(3) password hash algorithms #14274

Open
danderson opened this Issue Feb 9, 2016 · 8 comments

danderson commented Feb 9, 2016

I'm writing code that has to generate crypt(3) compatible password hashes, for installation in /etc/shadow. A Google search for a library currently offers two abandoned GitHub repositories, at least one of which is unsafe (ignores returned errors in the crypto logic), and a Stack Overflow answer that uses cgo to wrap libcrypt.

I'd like to propose adding solid Go implementations of the more common crypt(3) algorithms to x/crypto. Specifically, I'd like to have support for the ${1,5,6}$ algorithms (resp. MD5, SHA256, SHA512), as well as the older DES-based algorithm for universality. The package documentation should include a recommendation against using the crypt(3) algorithms unless compatibility with crypt(3)-using code is necessary, since there exist much better KDFs already in x/crypto if you're working with a clean slate.

If this sounds reasonable, I'm volunteering to provide the implementation.
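
The hash formats named in the post above, as an added example that is not part of the original issue or of any x/crypto code: a Go parser for crypt(3) hash fields as they appear in /etc/shadow, which identifies the scheme and extracts rounds, salt and digest without computing any hash. The names `CryptHash` and `ParseCrypt` are hypothetical, and the sample digest is a constructed placeholder, not a real hash.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// CryptHash is one parsed crypt(3) hash field (hypothetical type for this example).
type CryptHash struct {
	Scheme       string // "des", "md5", "sha256" or "sha512"
	Rounds       int    // SHA-crypt only; 0 for schemes without a rounds field
	Salt, Digest string
}

// Modular-crypt ids from the proposal and the encoded digest length of each scheme.
var names = map[string]string{"1": "md5", "5": "sha256", "6": "sha512"}
var digestLen = map[string]int{"md5": 22, "sha256": 43, "sha512": 86}

// ParseCrypt splits a hash field into its parts; it does not verify passwords.
func ParseCrypt(s string) (CryptHash, error) {
	if len(s) == 13 && s[0] != '$' { // traditional DES: 2 salt + 11 digest chars (alphabet not checked)
		return CryptHash{Scheme: "des", Salt: s[:2], Digest: s[2:]}, nil
	}
	parts := strings.Split(s, "$") // "$6$salt$digest" -> ["", "6", "salt", "digest"]
	if len(parts) < 2 || parts[0] != "" || names[parts[1]] == "" {
		return CryptHash{}, fmt.Errorf("not a supported crypt(3) hash")
	}
	h, rest := CryptHash{Scheme: names[parts[1]]}, parts[2:]
	if h.Scheme != "md5" {
		h.Rounds = 5000 // SHA-crypt default when no rounds= field is present
		if len(rest) == 3 && strings.HasPrefix(rest[0], "rounds=") {
			n, err := strconv.Atoi(strings.TrimPrefix(rest[0], "rounds="))
			if err != nil {
				return CryptHash{}, fmt.Errorf("bad rounds field %q", rest[0])
			}
			h.Rounds, rest = n, rest[1:]
		}
	}
	if len(rest) != 2 || len(rest[1]) != digestLen[h.Scheme] {
		return CryptHash{}, fmt.Errorf("malformed %s hash", h.Scheme)
	}
	h.Salt, h.Digest = rest[0], rest[1]
	return h, nil
}

func main() { // constructed sample: placeholder digest, not a real hash
	h, err := ParseCrypt("$6$rounds=10000$examplesalt$" + strings.Repeat("A", 86))
	fmt.Println(h, err)
}
```

Locked or disabled shadow entries such as `!` or `*` are rejected with an error rather than classified.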

@ianlancetaylor ianlancetaylor changed the title Proposal: add crypt(3) algorithms to x/crypto x/crypto: proposal: add crypt(3) algorithms to x/crypto Feb 9, 2016

@ianlancetaylor ianlancetaylor added this to the Proposal milestone Feb 9, 2016

ianlancetaylor commented Feb 9, 2016

Seems reasonable to me, but CC @agl.

@rsc rsc changed the title x/crypto: proposal: add crypt(3) algorithms to x/crypto proposal: x/crypto: add crypt(3) password hash algorithms Feb 9, 2016

danderson commented Feb 13, 2016

Ping @agl, does this sound like something you'd accept if I send patches?

danderson commented Mar 24, 2016

Ping.

bradfitz commented Mar 25, 2016

With suitable documentation as you mentioned, this sounds reasonable. Feel free to send a CL.

If it turns out @agl later objects passionately, you can put it under go4.org if you want to give it a non-github import path.

@adg adg modified the milestones: Unreleased, Proposal Aug 15, 2016

eikenb commented Nov 7, 2018

@danderson Any progress on this? I'm currently using a libpam wrapper but would much prefer a native implementation.

stapelberg commented Jan 3, 2019

Note that in the meantime, https://github.com/GehirnInc/crypt has appeared.

stapelberg commented Jan 3, 2019

There’s another copy of what seems to be largely the same code at https://github.com/tredoe/osutil/tree/master/user/crypt and https://github.com/ncw/pwhash.

I’d say it makes sense to provide a canonical implementation in x/crypto :)

protosam commented Jan 24, 2019

I would like to see this added as well. I'm working on a libnss passwd/group/shadow module that stores users in etcd. Being able to build the hash without using a non-standard library or manually writing my own tool kit would be stellar.
