This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
On Thu, Jun 01, 2017 at 11:23:36AM +0200, Florian Weimer wrote: > On 05/31/2017 07:33 PM, Björn Esser wrote: > > +Solar Designer <solar at openwall.com> > > I think we generally prefer patch submission from the original author or > copyright holder. I'm quite sure the original author has no time for this, but you definitely can contact him on this subject. > Are the crypt_gensalt functions strongly related to Blowfish support? Not really. > In any case, they need documentation, JFYI, crypt_blowfish comes with its own crypt(3) manual page documenting them. > and I'm not sure if the interfaces > are properly designed (haven't looked in detail, admittedly). They are properly designed, no doubts about it, unlike the infamous change of crypt(3) to return NULL for bad salt. As to this API extension, it's arguably even more important than having bcrypt support in libcrypt. The only drawback of adding crypt_gensalt et al functions without bcrypt is potential breakage of various configure scripts that decide whether to rely on bcrypt support in libcrypt or not based on the crypt_gensalt availability in libcrypt. > The other question is why we should add Blowfish support when the cipher > is pretty much on everyone's banned list. Is there any link between bcrypt support in libcrypt and Blowfish support in ssh/ssl/etc, besides a psychological one? -- ldv
Attachment:
signature.asc
Description: PGP signature
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |