[Pkg-shadow-devel] Linking Shadow to OpenSSL

Robert Connolly robert at linuxfromscratch.org
Sun Aug 17 06:03:30 UTC 2008

Hello. I started a feature request for this, but maybe it will get more 
feedback here. Attached is a patch to add --with-openssl. So far I got it 
working with DES and MD5. I worked by example, and I didn't find examples of 
using OpenSSL to make sha512 passwords that are compatible. Maybe someone who 
knows what they're doing could help.

There are great advantages to using OpenSSL instead of Libc. We would have a 
more robust choice in algorithms, random sources for salt, maybe hmac, and it 
could pave the way towards AES passwords. Better performance with actively 
maintained (asm) code for algorithms. Better portability.

I don't have the knowledge to finish the SHA patch, but I would like to use 
RAND_pseudo_bytes() for password salt so we can finally start using 
unpredictable (not gettimeofday+getpid) non-alphanumeric salt.

Opinions, help, comments?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkg-shadow-openssl9.diff
Type: text/x-diff
Size: 9363 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20080817/d160dc5f/attachment-0001.diff 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20080817/d160dc5f/attachment-0001.pgp 

More information about the Pkg-shadow-devel mailing list