Date: Tue, 6 Jul 1999 22:30:21 +0930 (CST)
From: Kris Kennaway
To: security@freebsd.org
Subject: Improved libcrypt ready for testing

I've just finished polishing off a replacement crypt library, based on some earlier work by Brandon Gillespie, which provides the following features:

* Support for MD5, SHA-1, DES (two forms), and Blowfish password (a la OpenBSD)
* Password crypt format defined by login capabilities

Two new login capabilities are added:

localcipher - which password hash algorithm do we use for this login class?
localcipherrounds - how many encryption rounds should we use (for algorithms which support it, namely New-DES and Blowfish).

The 'New-DES' algorithm has actually been present in the code forever, but commented out. In contrast to the 'traditional' DES password format, NewDES passwords have 4 bytes of encoded salt (instead of 2), with no maximum password length (instead of an 8-character limit). It can also accept a definable number of encryption rounds, so is somewhat 'future-proof'.

The SHA-1 algorithm is directly analogous to the FreeBSD-standard MD5 algorithm.

The Blowfish algorithm is ported from OpenBSD, and also supports a customizable number of encryption rounds (from 2^4 up to 2^31).

Using login.conf, you could (for example) set your root password to be a 2^12 round Blowfish password (which takes ~35 seconds to crypt() on my P120), your regular user passwords to be SHA-1, and a subset (say, users who you want to share password entries with a Sun machine) as Old-DES format.

I've changed the default password format (i.e., in the absence of an overriding login class) to SHA-1 for new passwords; this is fairly arbitrary but based on the general feeling that SHA-1 is a 'stronger' algorithm than MD5.

In order to accommodate multiple algorithms better, the crypted passwords have the format

$token$hash$password

where "token" is a string, not a numerical identifier (i.e., '1' for current MD5 passwords, and "2a" for OpenBSD Blowfish passwords). Using a numeric identifier is non-portable across vendors without an assigning authority, and there's the possibility of collision should another vendor choose the same number as us for a different algorithm (of course, they could still choose an incompatible algorithm using MD5, etc, but this is less likely).

(Cisco seem to use either our (old) MD5 algorithm for their routers, or one with the same form)

The 'oldmd5' and 'openbsd' localcipher values will produce passwords in the traditional format, and 'md5' and 'blowfish' produce the new "$MD5"/"$Blowfish$" tokens. 'des', 'newdes', and 'sha1' are the other possible values.

The source itself is split between the "exportable" ciphers and the restricted ones under secure/ - in contrast to the previous version, the library is only built from under /usr/src/lib/libcrypt, which pulls in the extra files from /usr/src/secure/lib/libcrypt if it exists. This means no duplication of code between the two directories.

In order to support Blowfish passwords, the Blowfish encryption/decryption code from OpenBSD has been included - this probably should be broken out into its own library, perhaps combined with the DES routines into a libcrypto.

The new library (and changes to passwd(1)) is available at

http://www.physics.adelaide.edu.au/~kkennawa/new-crypt.tar.gz

and should be extracted over the top of your /usr/src tree (since the changes are so large it's not worthwhile providing diffs).

I'd appreciate it if people could test this and see how it goes (back up your current libcrypt* first!!) - I've tested it myself fairly thoroughly, but there may be some bootstrap or backwards-compatibility issues, and I haven't yet tested it on an existing OpenBSD password file. I'd also like to hear any feedback about the code itself.

Thanks to Brandon Gillespie (who committed the original code on which this version is based) and Mark Murray for their help.

Kris

-----
"Never criticize anybody until you have walked a mile in their shoes, because by that time you will be a mile away and have their shoes."
    -- Unknown
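
The string-token dispatch described in the message, as an added example (not code from the new-crypt tarball or from its author): a verifier reads the leading `$token$` field and fails closed on any token it does not know. The enum names and sample strings are this example's assumptions; only the tokens `1`, `2a`, `MD5` and `Blowfish` come from the message.

```c
#include <stdio.h>
#include <string.h>

/* Scheme identifiers are this example's own names, not libcrypt's. */
enum scheme { S_DES_FAMILY, S_OLDMD5, S_OPENBSD_BF, S_MD5, S_BLOWFISH,
              S_UNKNOWN_TOKEN, S_MALFORMED };

/* Only tokens quoted in the message. It gives no token for SHA-1, so none
 * is listed and such a hash lands in S_UNKNOWN_TOKEN here. */
static const struct { const char *token; enum scheme s; } token_table[] = {
    { "1",        S_OLDMD5 },     /* traditional FreeBSD MD5 */
    { "2a",       S_OPENBSD_BF }, /* traditional OpenBSD Blowfish */
    { "MD5",      S_MD5 },        /* new string token */
    { "Blowfish", S_BLOWFISH },   /* new string token */
};

/* Classify a stored hash by its leading "$token$" field. Anything without
 * a leading '$' is treated as DES-style (old and new DES not told apart). */
enum scheme classify_hash(const char *stored)
{
    const char *tok, *end;
    size_t len, i;
    if (stored == NULL || stored[0] == '\0')
        return S_MALFORMED;
    if (stored[0] != '$')
        return S_DES_FAMILY;
    tok = stored + 1;
    end = strchr(tok, '$');
    /* Need a closing '$', a non-empty token, and data after the token. */
    if (end == NULL || end == tok || end[1] == '\0')
        return S_MALFORMED;
    len = (size_t)(end - tok);
    for (i = 0; i < sizeof(token_table) / sizeof(token_table[0]); i++) {
        /* Whole-token, case-sensitive match: "12" or "md5" never match. */
        if (strlen(token_table[i].token) == len &&
            memcmp(token_table[i].token, tok, len) == 0)
            return token_table[i].s;
    }
    return S_UNKNOWN_TOKEN; /* fail closed: never guess an algorithm */
}

int main(void)
{
    /* Constructed strings, not real password hashes. */
    const char *samples[] = { "$1$salt$x", "$Blowfish$salt$x", "$md5$salt$x" };
    for (size_t i = 0; i < 3; i++)
        printf("%s -> %d\n", samples[i], (int)classify_hash(samples[i]));
    return 0;
}
```

Returning a distinct "unknown token" result, rather than falling back to a default algorithm, is what keeps a hash written by another vendor's scheme from being checked with the wrong function.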