Subject: Re: PROPOSAL: adding capability for blowfish passwords
To: None <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 05/23/2002 23:22:51
In message <20020524023015.GA23438@rek.tjls.com>, Thor Lancelot Simon writes:
>On Thu, May 23, 2002 at 08:28:28PM -0400, Sean Davis wrote:
>> On Fri, May 24, 2002 at 08:23:12AM +0900, firstname.lastname@example.org wrote:
>> > hmm. i see. we should implement $2$ as openbsd does (there's no need
>> > to be different), and the above algorithm can become $3$.
>> Sounds good to me. I could have $3$ done and (hopefully :) cleanly implement
>> in not too long, the only thing right now that I'm unsure about is how to ha
>> the salt argument to crypt. Obviously make it use the SHA512 hash if it star
>> with with $3$, but then what? just hash it in the same manner that digest us
>> to hash multiple lines? (SHA512_Update(passwordtext) then SHA512_Update(salt
>> or vice versa?)
>Uh, Steve already told you how: you use the salt as the key for HMAC_SHA512.
One other point I should mention: the code fragment I sketched had an
optional site-specific field. Today's algorithm encrypts a constant
block, which makes hashed passwords portable. That isn't necessarily
an advantage, since it lets an attacker combine password files from
multiple sites for a single cracking run. The variant allows site
administrators to change that.
Where to store this string is an open issue.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)