Subject: Re: SHA1 hashed passwords
To: None <>
From: Simon Gerraty <>
List: tech-security
Date: 06/21/2004 17:29:37
I'm going to commit in a day or so unless I hear objections (with
suggested solutions ;-)

I've got -current built with support for SHA1 passwords as
discussed a while back.  Alistair has an update to user(8) waiting... 

Before I can commit I'd like to check some things...
I've added

	hmac_md5[.c]		I don't need this but it's free ;-)
	both just set some defines and include hmac.c

	__crypt_sha1_iterations - takes its arg as a hint and returns a number
				  that is randomly less (up to 25% less)

	__crypt_to64		- was static to64 in md5crypt.c

Now, is it bad form for passwd/pwd_gensalt.c and pwhash/pwhash.c
to call __crypt_sha1_iterations and __crypt_to64 ???

Do I need to bump any library versions anyway?  
If so, would it be better to rename __crypt_to64 and
__crypt_sha1_iterations to lose the __ ?

FWIW diffs are in ~sjg/crypt-sha1.1 on ftp.n.o
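
An added sketch (not part of the original message, and not the code in the diffs it points to) of the two helpers described above: a base-64 encoder in the style of md5crypt's to64, and an iteration count that treats its argument as a hint and returns up to 25% less. The names example_to64, example_iterations and example_random32, the use of /dev/urandom and the sample hint are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Traditional crypt(3) 64-character alphabet, as used by md5crypt. */
static const char itoa64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Encode the low 6*n bits of v as n characters, least significant
 * group first; NUL-terminates s, which must hold n + 1 bytes. */
void example_to64(char *s, uint32_t v, int n)
{
    while (n-- > 0) {
        *s++ = itoa64[v & 0x3f];
        v >>= 6;
    }
    *s = '\0';
}

/* Treat hint as an upper bound and subtract a random amount of at most
 * hint/4. The "+ 1" keeps the modulus non-zero when hint < 4. */
uint32_t example_iterations(uint32_t hint, uint32_t rnd)
{
    return hint - rnd % (hint / 4 + 1);
}

/* Fetch 32 random bits from the kernel; returns 0 on success. */
int example_random32(uint32_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;
    if (f == NULL) return -1;
    got = fread(out, sizeof(*out), 1, f);
    fclose(f);
    return got == 1 ? 0 : -1;
}

int main(void)
{
    uint32_t rnd, hint = 24680;    /* constructed sample hint */
    char salt[9];
    if (example_random32(&rnd) != 0) return 1;
    printf("iterations: %u\n", (unsigned)example_iterations(hint, rnd));
    if (example_random32(&rnd) != 0) return 1;
    example_to64(salt, rnd, 5);    /* 30 of the 32 random bits -> 5 chars */
    printf("salt: %s\n", salt);
    return 0;
}
```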