Subject: Re: PROPOSAL: adding capability for blowfish passwords
To: None <current-users@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: current-users
Date: 05/23/2002 22:30:15
On Thu, May 23, 2002 at 08:28:28PM -0400, Sean Davis wrote:
> On Fri, May 24, 2002 at 08:23:12AM +0900, itojun@iijlab.net wrote:
> > 	hmm.  i see.  we should implement $2$ as openbsd does (there's no need
> > 	to be different), and the above algorithm can become $3$.
> 
> Sounds good to me. I could have $3$ done and (hopefully :) cleanly implemented
> in not too long, the only thing right now that I'm unsure about is how to handle
> the salt argument to crypt. Obviously make it use the SHA512 hash if it starts
> with with $3$, but then what? just hash it in the same manner that digest uses
> to hash multiple lines? (SHA512_Update(passwordtext) then SHA512_Update(salt),
> or vice versa?)

Uh, Steve already told you how: you use the salt as the key for HMAC_SHA512.

Thor