forked from dwarring/p6-Crypt-Bcrypt
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update crypt_blowfish to 1.3, switch to 2b hash prefix
- Loading branch information
Showing
22 changed files
with
908 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,29 @@ | |||
New versions of this package (crypt_blowfish): | |||
|
|||
http://www.openwall.com/crypt/ | |||
|
|||
A paper on the algorithm that explains its design decisions: | |||
|
|||
http://www.usenix.org/events/usenix99/provos.html | |||
|
|||
Unix Seventh Edition Manual, Volume 2: the password scheme (1978): | |||
|
|||
http://plan9.bell-labs.com/7thEdMan/vol2/password | |||
|
|||
The Openwall GNU/*/Linux (Owl) tcb suite implementing the alternative | |||
password shadowing scheme. This includes a PAM module which | |||
supersedes pam_unix and uses the password hashing framework provided | |||
with crypt_blowfish when setting new passwords. | |||
|
|||
http://www.openwall.com/tcb/ | |||
|
|||
pam_passwdqc, a password strength checking and policy enforcement | |||
module for PAM-aware password changing programs: | |||
|
|||
http://www.openwall.com/passwdqc/ | |||
|
|||
John the Ripper password cracker: | |||
|
|||
http://www.openwall.com/john/ | |||
|
|||
$Owl: Owl/packages/glibc/crypt_blowfish/LINKS,v 1.4 2005/11/16 13:09:47 solar Exp $ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,30 @@ | |||
These numbers are for 32 iterations ("$2a$05"): | |||
|
|||
OpenBSD 3.0 bcrypt(*) crypt_blowfish 0.4.4 | |||
Pentium III, 840 MHz 99 c/s 121 c/s (+22%) | |||
Alpha 21164PC, 533 MHz 55.5 c/s 76.9 c/s (+38%) | |||
UltraSparc IIi, 400 MHz 49.9 c/s 52.5 c/s (+5%) | |||
Pentium, 120 MHz 8.8 c/s 20.1 c/s (+128%) | |||
PA-RISC 7100LC, 80 MHz 8.5 c/s 16.3 c/s (+92%) | |||
|
|||
(*) built with -fomit-frame-pointer -funroll-loops, which I don't | |||
think happens for libcrypt. | |||
|
|||
Starting with version 1.1 released in June 2011, default builds of | |||
crypt_blowfish invoke a quick self-test on every hash computation. | |||
This has roughly a 4.8% performance impact at "$2a$05", but only a 0.6% | |||
impact at a more typical setting of "$2a$08". | |||
|
|||
The large speedup for the original Pentium is due to the assembly | |||
code and the weird optimizations this processor requires. | |||
|
|||
The numbers for password cracking are 2 to 10% higher than those for | |||
crypt_blowfish as certain things may be done out of the loop and the | |||
code doesn't need to be reentrant. | |||
|
|||
Recent versions of John the Ripper (1.6.25-dev and newer) achieve an | |||
additional 15% speedup on the Pentium Pro family of processors (which | |||
includes Pentium III) with a separate version of the assembly code and | |||
run-time CPU detection. | |||
|
|||
$Owl: Owl/packages/glibc/crypt_blowfish/PERFORMANCE,v 1.6 2011/06/21 12:09:20 solar Exp $ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,68 @@ | |||
This is an implementation of a password hashing method, provided via the | |||
crypt(3) and a reentrant interface. It is fully compatible with | |||
OpenBSD's bcrypt.c for prefix "$2b$", originally by Niels Provos and | |||
David Mazieres. (Please refer to the included crypt(3) man page for | |||
information on minor compatibility issues for other bcrypt prefixes.) | |||
|
|||
I've placed this code in the public domain, with fallback to a | |||
permissive license. Please see the comment in crypt_blowfish.c for | |||
more information. | |||
|
|||
You can use the provided routines in your own packages, or link them | |||
into a C library. I've provided hooks for linking into GNU libc, but | |||
it shouldn't be too hard to get this into another C library. Note | |||
that simply adding this code into your libc is probably not enough to | |||
make your system use the new password hashing algorithm. Changes to | |||
passwd(1), PAM modules, or whatever else your system uses will likely | |||
be needed as well. These are not a part of this package, but see | |||
LINKS for a pointer to our tcb suite. | |||
|
|||
Instructions on using the routines in one of the two common ways are | |||
given below. It is recommended that you test the routines on your | |||
system before you start. Type "make check" or "make check_threads" | |||
(if you have the POSIX threads library), then "make clean". | |||
|
|||
|
|||
1. Using the routines in your programs. | |||
|
|||
The available interfaces are in ow-crypt.h, and this is the file you | |||
should include. You won't need crypt.h. When linking, add all of the | |||
C files and x86.S (you can compile and link it even on a non-x86, it | |||
will produce no code in this case). | |||
|
|||
|
|||
2. Building the routines into GNU C library. | |||
|
|||
For versions 2.13 and 2.14 (and likely other nearby ones), extract the | |||
library sources as usual. Apply the patch for glibc 2.14 provided in | |||
this package. Enter crypt/ and rename crypt.h to gnu-crypt.h within | |||
that directory. Copy the C sources, header, and assembly (x86.S) files | |||
from this package in there as well (but be sure you don't overwrite the | |||
Makefile). Configure, build, and install the library as usual. | |||
|
|||
For versions 2.2 to 2.3.6 (and likely also for some newer ones), | |||
extract the library sources and maybe its optional add-ons as usual. | |||
Apply the patch for glibc 2.3.6 provided in this package. Enter | |||
crypt/ and rename crypt.h to gnu-crypt.h within that directory. Copy | |||
the C sources, header, and assembly (x86.S) files from this package in | |||
there as well (but be sure you don't overwrite the Makefile). | |||
Configure, build, and install the library as usual. | |||
|
|||
For versions 2.1 to 2.1.3, extract the library sources and the crypt | |||
and linuxthreads add-ons as usual. Apply the patch for glibc 2.1.3 | |||
provided in this package. Enter crypt/sysdeps/unix/, and rename | |||
crypt.h to gnu-crypt.h within that directory. Copy C sources, header, | |||
and assembly (x86.S) files from this package in there as well (but be | |||
sure you don't overwrite the Makefile). Configure, build, and install | |||
the library as usual. | |||
|
|||
Programs that want to use the provided interfaces will need to include | |||
crypt.h (but not ow-crypt.h directly). By default, prototypes for the | |||
new routines aren't defined (but the extra functionality of crypt(3) | |||
is indeed available). You need to define _OW_SOURCE to obtain the new | |||
routines as well. | |||
|
|||
-- | |||
Solar Designer <solar at openwall.com> | |||
|
|||
$Owl: Owl/packages/glibc/crypt_blowfish/README,v 1.10 2014/07/07 15:19:04 solar Exp $ |
Oops, something went wrong.