CVS commit: src

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src
From: "Simon J. Gerraty" <sjg%netbsd.org@localhost>
Date: Fri, 2 Jul 2004 00:05:23 +0000 (UTC)

Module Name:    src
Committed By:   sjg
Date:           Fri Jul  2 00:05:23 UTC 2004

Modified Files:
        src/lib/libc/hash: Makefile.inc
        src/lib/libcrypt: Makefile crypt.c md5crypt.c
        src/lib/libcrypto: Makefile
        src/share/man/man5: passwd.conf.5
        src/usr.bin/passwd: Makefile pwd_gensalt.c
        src/usr.bin/pwhash: Makefile pwhash.c
Added Files:
        src/lib/libc/hash: hmac.c hmac_md5.c hmac_sha1.c
        src/lib/libcrypt: crypt-sha1.c crypt.h util.c

Log Message:
Add support for SHA1 hashed passwords.
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by 
smb%research.att.com@localhost).

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *
 * where:
 *      <tag>           is "sha1"
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.

hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.


To generate a diff of this commit:
cvs rdiff -r1.4 -r1.5 src/lib/libc/hash/Makefile.inc
cvs rdiff -r0 -r1.1 src/lib/libc/hash/hmac.c src/lib/libc/hash/hmac_md5.c \
    src/lib/libc/hash/hmac_sha1.c
cvs rdiff -r1.14 -r1.15 src/lib/libcrypt/Makefile
cvs rdiff -r0 -r1.1 src/lib/libcrypt/crypt-sha1.c src/lib/libcrypt/crypt.h \
    src/lib/libcrypt/util.c
cvs rdiff -r1.21 -r1.22 src/lib/libcrypt/crypt.c
cvs rdiff -r1.7 -r1.8 src/lib/libcrypt/md5crypt.c
cvs rdiff -r1.35 -r1.36 src/lib/libcrypto/Makefile
cvs rdiff -r1.6 -r1.7 src/share/man/man5/passwd.conf.5
cvs rdiff -r1.34 -r1.35 src/usr.bin/passwd/Makefile
cvs rdiff -r1.10 -r1.11 src/usr.bin/passwd/pwd_gensalt.c
cvs rdiff -r1.1 -r1.2 src/usr.bin/pwhash/Makefile
cvs rdiff -r1.5 -r1.6 src/usr.bin/pwhash/pwhash.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/include
Next by Date: CVS commit: src/doc
Previous by Thread: CVS commit: src/include
Next by Thread: CVS commit: src/doc
Indexes:

Home | Main Index | Thread Index | Old Index