Permalink
Browse files

Update crypt_blowfish to 1.3, switch to 2b hash prefix

  • Loading branch information...
skinkade committed Apr 10, 2016
1 parent 743ad63 commit c0a10d2b1628dff5569a0771d66314e984545bd3
View
@@ -6,7 +6,7 @@ use LibraryMake;
class Build is Panda::Builder {
method build($dir) {
my Str $ext = "$dir/ext/crypt_blowfish-1.2";
my Str $ext = "$dir/ext/crypt_blowfish-1.3";
my Str $blib = "$dir/blib";
rm_f("$ext/crypt_blowfish.so");
rm_f("$ext/crypt_blowfish.o", "$ext/crypt_gensalt.o");
View
@@ -4,7 +4,7 @@ CFLAGS = %CCSHARED% %CCFLAGS%
LDSHARED = %LDSHARED%
ASFLAGS = -c
LDFLAGS = $(LDSHARED) -s
DIR = ext/crypt_blowfish-1.2/
DIR = ext/crypt_blowfish-1.3/
STATIC_OBJ = \
%DESTDIR%/crypt_blowfish.so
View
@@ -19,11 +19,11 @@ Windows support is absent, though planned.
## Credit ##
This module uses the Openwall crypt\_blowfish library by Solar Designer. See http://www.openwall.com/crypt/ and the header of
[crypt\_blowfish.c](ext/crypt_blowfish-1.2/crypt_blowfish.c) for details.
[crypt\_blowfish.c](ext/crypt_blowfish-1.3/crypt_blowfish.c) for details.
## License ##
The Openwall library is licensed and redistributed under the terms outlined in the header of [crypt\_blowfish.c](ext/crypt_blowfish-1.2/crypt_blowfish.c). Any modifications are released under the same terms.
The Openwall library is licensed and redistributed under the terms outlined in the header of [crypt\_blowfish.c](ext/crypt_blowfish-1.3/crypt_blowfish.c). Any modifications are released under the same terms.
This module is released under the terms of the ISC License.
See the [LICENSE](LICENSE) file for details.

This file was deleted.

Oops, something went wrong.

This file was deleted.

Oops, something went wrong.
@@ -0,0 +1,29 @@
New versions of this package (crypt_blowfish):
http://www.openwall.com/crypt/
A paper on the algorithm that explains its design decisions:
http://www.usenix.org/events/usenix99/provos.html
Unix Seventh Edition Manual, Volume 2: the password scheme (1978):
http://plan9.bell-labs.com/7thEdMan/vol2/password
The Openwall GNU/*/Linux (Owl) tcb suite implementing the alternative
password shadowing scheme. This includes a PAM module which
supersedes pam_unix and uses the password hashing framework provided
with crypt_blowfish when setting new passwords.
http://www.openwall.com/tcb/
pam_passwdqc, a password strength checking and policy enforcement
module for PAM-aware password changing programs:
http://www.openwall.com/passwdqc/
John the Ripper password cracker:
http://www.openwall.com/john/
$Owl: Owl/packages/glibc/crypt_blowfish/LINKS,v 1.4 2005/11/16 13:09:47 solar Exp $
@@ -0,0 +1,30 @@
These numbers are for 32 iterations ("$2a$05"):
OpenBSD 3.0 bcrypt(*) crypt_blowfish 0.4.4
Pentium III, 840 MHz 99 c/s 121 c/s (+22%)
Alpha 21164PC, 533 MHz 55.5 c/s 76.9 c/s (+38%)
UltraSparc IIi, 400 MHz 49.9 c/s 52.5 c/s (+5%)
Pentium, 120 MHz 8.8 c/s 20.1 c/s (+128%)
PA-RISC 7100LC, 80 MHz 8.5 c/s 16.3 c/s (+92%)
(*) built with -fomit-frame-pointer -funroll-loops, which I don't
think happens for libcrypt.
Starting with version 1.1 released in June 2011, default builds of
crypt_blowfish invoke a quick self-test on every hash computation.
This has roughly a 4.8% performance impact at "$2a$05", but only a 0.6%
impact at a more typical setting of "$2a$08".
The large speedup for the original Pentium is due to the assembly
code and the weird optimizations this processor requires.
The numbers for password cracking are 2 to 10% higher than those for
crypt_blowfish as certain things may be done out of the loop and the
code doesn't need to be reentrant.
Recent versions of John the Ripper (1.6.25-dev and newer) achieve an
additional 15% speedup on the Pentium Pro family of processors (which
includes Pentium III) with a separate version of the assembly code and
run-time CPU detection.
$Owl: Owl/packages/glibc/crypt_blowfish/PERFORMANCE,v 1.6 2011/06/21 12:09:20 solar Exp $
@@ -0,0 +1,68 @@
This is an implementation of a password hashing method, provided via the
crypt(3) and a reentrant interface. It is fully compatible with
OpenBSD's bcrypt.c for prefix "$2b$", originally by Niels Provos and
David Mazieres. (Please refer to the included crypt(3) man page for
information on minor compatibility issues for other bcrypt prefixes.)
I've placed this code in the public domain, with fallback to a
permissive license. Please see the comment in crypt_blowfish.c for
more information.
You can use the provided routines in your own packages, or link them
into a C library. I've provided hooks for linking into GNU libc, but
it shouldn't be too hard to get this into another C library. Note
that simply adding this code into your libc is probably not enough to
make your system use the new password hashing algorithm. Changes to
passwd(1), PAM modules, or whatever else your system uses will likely
be needed as well. These are not a part of this package, but see
LINKS for a pointer to our tcb suite.
Instructions on using the routines in one of the two common ways are
given below. It is recommended that you test the routines on your
system before you start. Type "make check" or "make check_threads"
(if you have the POSIX threads library), then "make clean".
1. Using the routines in your programs.
The available interfaces are in ow-crypt.h, and this is the file you
should include. You won't need crypt.h. When linking, add all of the
C files and x86.S (you can compile and link it even on a non-x86, it
will produce no code in this case).
2. Building the routines into GNU C library.
For versions 2.13 and 2.14 (and likely other nearby ones), extract the
library sources as usual. Apply the patch for glibc 2.14 provided in
this package. Enter crypt/ and rename crypt.h to gnu-crypt.h within
that directory. Copy the C sources, header, and assembly (x86.S) files
from this package in there as well (but be sure you don't overwrite the
Makefile). Configure, build, and install the library as usual.
For versions 2.2 to 2.3.6 (and likely also for some newer ones),
extract the library sources and maybe its optional add-ons as usual.
Apply the patch for glibc 2.3.6 provided in this package. Enter
crypt/ and rename crypt.h to gnu-crypt.h within that directory. Copy
the C sources, header, and assembly (x86.S) files from this package in
there as well (but be sure you don't overwrite the Makefile).
Configure, build, and install the library as usual.
For versions 2.1 to 2.1.3, extract the library sources and the crypt
and linuxthreads add-ons as usual. Apply the patch for glibc 2.1.3
provided in this package. Enter crypt/sysdeps/unix/, and rename
crypt.h to gnu-crypt.h within that directory. Copy C sources, header,
and assembly (x86.S) files from this package in there as well (but be
sure you don't overwrite the Makefile). Configure, build, and install
the library as usual.
Programs that want to use the provided interfaces will need to include
crypt.h (but not ow-crypt.h directly). By default, prototypes for the
new routines aren't defined (but the extra functionality of crypt(3)
is indeed available). You need to define _OW_SOURCE to obtain the new
routines as well.
--
Solar Designer <solar at openwall.com>
$Owl: Owl/packages/glibc/crypt_blowfish/README,v 1.10 2014/07/07 15:19:04 solar Exp $
Oops, something went wrong.

0 comments on commit c0a10d2

Please sign in to comment.