Subject: CVS commit: src/sbin/cgdconfig
To: None <source-changes@NetBSD.org>
From: Daniel Carosone <dan@netbsd.org>
List: source-changes
Date: 03/17/2004 01:29:13
Module Name:	src
Committed By:	dan
Date:		Wed Mar 17 01:29:13 UTC 2004

Modified Files:
	src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c params.c params.h
	    pkcs5_pbkdf2.c pkcs5_pbkdf2.h

Log Message:
Fix a longstanding algorithmic flaw in PKCS#5 key generation.

The existing pkcs5_pbkdf2 keygen method is retained functionally
as-is, for compatibility with existing params files.  The corrected
algorithm, which is now the default for new params file generation, is
called pkcs5_pbkdf2/sha1.

NB. The backwards compatibility for the miscreant keygen method will
be removed at the same time as support for the previous parameters
file syntax. Sometime between now and then, users should update their
params files using -G, which will create a new params file including
an xor value so that the resulting generated key is the same; they
should also

Problem discovery and 2-char algorithm fix by Charles Blundell, messy
compat goop by me, long complicated names by Roland Dowdeswell.

Update manpage accordingly and bump date.


To generate a diff of this commit:
cvs rdiff -r1.16 -r1.17 src/sbin/cgdconfig/cgdconfig.8
cvs rdiff -r1.9 -r1.10 src/sbin/cgdconfig/cgdconfig.c
cvs rdiff -r1.8 -r1.9 src/sbin/cgdconfig/params.c
cvs rdiff -r1.5 -r1.6 src/sbin/cgdconfig/params.h
cvs rdiff -r1.4 -r1.5 src/sbin/cgdconfig/pkcs5_pbkdf2.c
cvs rdiff -r1.2 -r1.3 src/sbin/cgdconfig/pkcs5_pbkdf2.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.