Subject: Re: PROPOSAL: adding capability for blowfish passwords
To: None <email@example.com>
From: Thor Lancelot Simon <firstname.lastname@example.org>
Date: 05/23/2002 22:30:15

On Thu, May 23, 2002 at 08:28:28PM -0400, Sean Davis wrote:
> On Fri, May 24, 2002 at 08:23:12AM +0900, email@example.com wrote:
> > hmm. i see. we should implement $2$ as openbsd does (there's no need
> > to be different), and the above algorithm can become $3$.
> Sounds good to me. I could have $3$ done and (hopefully :) cleanly implemented
> in not too long, the only thing right now that I'm unsure about is how to handle
> the salt argument to crypt. Obviously make it use the SHA512 hash if it starts
> with $3$, but then what? just hash it in the same manner that digest uses
> to hash multiple lines? (SHA512_Update(passwordtext) then SHA512_Update(salt),
> or vice versa?)
Uh, Steve already told you how: you use the salt as the key for HMAC_SHA512.
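
The two constructions discussed in this message, side by side, as an added example that is not part of the original message or of any NetBSD code: hashing the password and then the salt into one SHA-512 context versus HMAC-SHA512 keyed with the salt. The function names and sample inputs are constructed for illustration, and the single HMAC call with raw digest output is an assumption, since the `$3$` format details are not given in this message.

```python
import hashlib
import hmac

BLOCK = 128  # SHA-512 block size in bytes

def concat_digest(password: bytes, salt: bytes) -> bytes:
    # The construction asked about: SHA512_Update(password), then SHA512_Update(salt).
    h = hashlib.sha512()
    h.update(password)
    h.update(salt)
    return h.digest()

def hmac_digest(password: bytes, salt: bytes) -> bytes:
    # The construction in the reply: salt is the HMAC key, password is the message.
    return hmac.new(salt, password, hashlib.sha512).digest()

def hmac_by_hand(password: bytes, salt: bytes) -> bytes:
    # RFC 2104 spelled out, to show where the salt enters the computation.
    key = hashlib.sha512(salt).digest() if len(salt) > BLOCK else salt
    key = key.ljust(BLOCK, b"\x00")
    inner = hashlib.sha512(bytes(b ^ 0x36 for b in key) + password).digest()
    return hashlib.sha512(bytes(b ^ 0x5C for b in key) + inner).digest()

def verify(password: bytes, salt: bytes, stored: bytes) -> bool:
    # Constant-time comparison of the recomputed value against the stored one.
    return hmac.compare_digest(hmac_digest(password, salt), stored)

# Constructed inputs: the same bytes overall, split at a different boundary.
PAIRS = [(b"hunter", b"2salt"), (b"hunter2", b"salt")]

def boundary_collisions():
    # Returns (concat collides?, hmac collides?) for the two pairs above.
    c = [concat_digest(p, s) for p, s in PAIRS]
    k = [hmac_digest(p, s) for p, s in PAIRS]
    return c[0] == c[1], k[0] == k[1]

if __name__ == "__main__":
    print(boundary_collisions())
```

With plain concatenation the password/salt boundary is not part of the hashed input, so the two constructed pairs produce the same digest; keyed with the salt, they do not.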