Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 6 Jul 1999 22:30:21 +0930 (CST)
From:      Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To:        security@freebsd.org
Subject:   Improved libcrypt ready for testing
Message-ID:  <Pine.OSF.4.10.9907062220400.16135-100000@bragg>

next in thread | raw e-mail | index | archive | help
I've just finished polishing off a replacement crypt library, based on
some earlier work by Brandon Gillespie, which provides the following
features:

	* Support for MD5, SHA-1, DES (two forms), and Blowfish password
	  (a la OpenBSD)

	* Password crypt format defined by login capabilities

Two new login capabilities are added:

localcipher -  which password hash algorithm do we use for this login
	class?
localcipherrounds -  how many encryption rounds should we use (for
	algorithms which support it, namely New-DES and Blowfish).

The 'New-DES' algorithm has actually been present in the code forever, but
commented out. In contrast to the 'traditional' DES password format,
NewDES passwords have 4 bytes of encoded salt (instead of 2), with no
maximum password length (instead of an 8-character limit). It can also
accept a definable number of encryption rounds, so is somewhat
'future-proof'.

The SHA-1 algorithm is directly analogous to the FreeBSD-standard MD5
algorithm.

The Blowfish algorithm is ported from OpenBSD, and also supports a
customizable number of encryption rounds (from 2^4 up to 2^31).

Using login.conf, you could (for example) set your root password to be a
2^12 round Blowfish password (which takes ~35 seconds to crypt() on my
P120), your regular user passwords to be SHA-1, and a subset (say, users
who you want to share password entries with a Sun machine) as Old-DES
format.

I've changed the default password format (i.e., in the absence of an
overriding login class) to SHA-1 for new passwords; this is fairly
arbitrary but based on the general feeling that SHA-1 is a 'stronger'
algorithm than MD5.

In order to accomodate multiple algorithms better, the crypted passwords have
the format $token$hash$password where "token" is a string, not a numerical
identifier (i.e., '1' for current MD5 passwords, and "2a" for openbsd blowfish
passwords). Using a numeric identifier is non-portable across vendors without
an assigning authority, and there's the possibility of collision should
another vendor choose the same number as us for a different algorithm (of
course, they could still choose an incompatible algorithm using MD5, etc, but
this is less likely). (Cisco seem to use either our (old) MD5 algorithm for
their routers, or one with the same form)

The 'oldmd5' and 'openbsd' localcipher values will produce passwords in
the traditional format, and 'md5' and 'blowfish' produce the new
"$MD5"/"$Blowfish$" tokens. 'des', 'newdes', and 'sha1' are the other
possible values.

The source itself is split between the "exportable" ciphers and the
restricted ones under secure/ - in contrast to the previous version, the
library is only built from under /usr/src/lib/libcrypt, which pulls in the
extra files from /usr/src/secure/lib/libcrypt if it exists. This means no
duplication of code between the two directories.

In order to support blowfish passwords, the blowfish encryption/decryption
code from openbsd has been included - this probably should be broken out
into its own library, perhaps combined with the DES routines into a
libcrypto.

The new library (and changes to passwd(1)) is available at

http://www.physics.adelaide.edu.au/~kkennawa/new-crypt.tar.gz

and should be extracted over the top of your /usr/src tree (since the
changes are so large it's not worthwhile providing diffs). I'd appreciate
it if people could test this and see how it goes (back up your current
libcrypt* first!!) - I've tested it myself fairly thoroughly, but there
may be some bootstrap or backwards-compatability issues, and I haven't yet
tested it on an existing OpenBSD password file. I'd also like to hear any
feedback about the code itself.

Thanks to Brandon Gillespie (who committed the original code on which
this version is based) and Mark Murray for their help.

Kris

-----
"Never criticize anybody until you have walked a mile in their shoes,
because by that time you will be a mile away and have their shoes."
    -- Unknown



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.4.10.9907062220400.16135-100000>