This is the mail archive of the
libc-alpha@sources.redhat.com
mailing list for the glibc project.
Re: SHA-1 in libcrypt
- To: RoboHak at protovision dot org
- Subject: Re: SHA-1 in libcrypt
- From: Mark Kettenis <kettenis at wins dot uva dot nl>
- Date: Mon, 17 Jul 2000 19:31:28 +0200
- CC: libc-alpha at sourceware dot cygnus dot com
- References: <20000717094935.C16635@protovision.org>
Date: Mon, 17 Jul 2000 09:49:35 -0700
From: RoboHak <RoboHak@protovision.org>
I've been wanting SHA in libcrypt for a while now, and I noticed
some talk about it on libc-hacker. Is anyone working on it, and
would it make it into 2.2 if someone did? I know that SRP (Secure
Remote Passwords) uses SHA or MD5 for it's /etc/passwd replacement,
and OpenLDAP also supports SHA. I'm surprised OpenBSD doesn't
support it currently, but they probably would if we started using
it. I know that $1$ is being used for MD5 and $2$ is used for
blowfish in OpenBSD, so I assume $3$ is free and would be used for
SHA. If nobody is working on this currently, is there anyone here
with hash algorithm implementation experience? If not, I may try
this for my own system and submit a patch when I'm done. Any
feedback on this would be appreciated.
What's the advantage of SHA over MD5?
Anyway, here's the SHA-1 algorithm that I've mentioned on one of the
lists before. It's LGPL'ed, and just pretend that you got it as part
of the GNU C Library, where you'll find the details on the license.
Apart from that, feel free to use it as you see fit. Oh yeah, there
might be bugs, so before you lock anything with a SHA-1 encoded
password ...
Mark