[Pkg-shadow-devel] Linking Shadow to OpenSSL
Robert Connolly
robert at linuxfromscratch.org
Sun Aug 17 06:03:30 UTC 2008

Hello. I started a feature request for this, but maybe it will get more
feedback here. Attached is a patch to add --with-openssl. So far I got it
working with DES and MD5. I worked by example, and I didn't find examples of
using OpenSSL to make sha512 passwords that are compatible. Maybe someone who
knows what they're doing could help.

There are great advantages to using OpenSSL instead of Libc. We would have a
more robust choice in algorithms, random sources for salt, maybe hmac, and it
could pave the way towards AES passwords. Better performance with actively
maintained (asm) code for algorithms. Better portability.

I don't have the knowledge to finish the SHA patch, but I would like to use
RAND_pseudo_bytes() for password salt so we can finally start using
unpredictable (not gettimeofday+getpid) non-alphanumeric salt.

Opinions, help, comments?

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkg-shadow-openssl9.diff
Type: text/x-diff
Size: 9363 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20080817/d160dc5f/attachment-0001.diff
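
Added example, not part of the original message or the attached patch: a sketch of the salt concern raised above, contrasting a salt derived from a time-and-PID seed with one drawn from a CSPRNG. It reads /dev/urandom so that it builds without libcrypto (OpenSSL's RAND_bytes() could fill the same buffer); the function names and sample values are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* crypt(3) salt alphabet: 64 symbols, 6 bits per character. */
static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Weak: the whole salt follows from a seed built from time and PID, so
 * bounding those values bounds the salt. Stand-in, not shadow's code. */
int weak_salt(long sec, long usec, long pid, char *out, size_t n)
{
    srand((unsigned)(sec ^ usec ^ pid));
    for (size_t i = 0; i < n; i++)
        out[i] = B64[rand() & 0x3f];
    out[n] = '\0';
    return 0;
}

/* Kernel CSPRNG bytes; 256 is a multiple of 64, so masking to 6 bits is
 * unbiased. Returns 0 on success, -1 on failure (no weak fallback). */
int csprng_salt(char *out, size_t n)
{
    unsigned char buf[64];
    FILE *f;
    if (n > sizeof buf || (f = fopen("/dev/urandom", "rb")) == NULL)
        return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    if (got != n)
        return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = B64[buf[i] & 0x3f];
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char a[9], b[9], c[9];
    weak_salt(1218953010, 123456, 4242, a, 8);  /* constructed inputs */
    weak_salt(1218953010, 123456, 4242, b, 8);
    if (csprng_salt(c, 8) != 0)
        return 1;
    printf("weak salts identical: %s\n", strcmp(a, b) == 0 ? "yes" : "no");
    printf("csprng: $1$%s$\n", c);
    return 0;
}
```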