Author serhiy.storchaka
Recipients serhiy.storchaka
Date 2017-10-02.09:24:47
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1506936288.65.0.213398074469.issue31664@psf.upfronthosting.co.za>
In-reply-to
Content
Proposed PR adds support of three new methods in the crypt module.

1. Blowfish. It is considered as strong as SSH512 for crypt() purpose. There are several variants of this method: '2', '2a', '2b' and '2y'. '2y' looks the same as '2b', other variants have different flaws. All four are supported on FreeBSD. '2b' is the only method available on OpenBSD, hence this change also fixes crypt on OpenBSD (see issue25287). Blowfish is not supported in glibc, but it is added in some Linux distributions (not in Ubuntu). The most strong of the available variants is chosen.

2. Extended DES. In contrary to traditional default algorithm it uses salt longer than 2 characters. It is supported on FreeBSD.

3. NT-Hash. It doesn't use salt and is compatible with Microsoft's NT scheme. It is supported on FreeBSD.

mksalt() now takes the log_rounds argument for Blowfish. I'm not sure this is the best solution. And what should be a default value?
History
Date User Action Args
2017-10-02 09:24:48serhiy.storchakasetrecipients: + serhiy.storchaka
2017-10-02 09:24:48serhiy.storchakasetmessageid: <1506936288.65.0.213398074469.issue31664@psf.upfronthosting.co.za>
2017-10-02 09:24:48serhiy.storchakalinkissue31664 messages
2017-10-02 09:24:47serhiy.storchakacreate