#
1.8 |
|
16-Oct-2021 |
nia |
libcrypt: Hide more private symbols by default. Fix style.
|
#
1.7 |
|
12-Oct-2021 |
nia |
crypt(3): match the Argon2 reference implementation's Base64 exactly
There are too many minor variations regarding padding and exact alphabet to safely use the implementation in libc or an existing implementation in libcrypt.
|
#
1.6 |
|
12-Oct-2021 |
nia |
crypt(3): Make Argon2 implementation match the reference impl by making sure input salts are decoded as base64.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 phil-wifi-20191119
|
#
1.5 |
|
21-Oct-2019 |
jhigh |
adding argon2 support to libcrypt. argon2 user authentication now available via MKARGON2=yes (3 variants supported; argon2id recommended) before using, please read argon2 paper at https://github.com/P-H-C/phc-winner-argon2
|
Revision tags: netbsd-9-2-RELEASE netbsd-9-1-RELEASE netbsd-8-2-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609 netbsd-8-1-RELEASE netbsd-8-1-RC1 pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 netbsd-7-2-RELEASE pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 netbsd-7-1-2-RELEASE pgoyette-compat-base netbsd-7-1-1-RELEASE matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-7-base yamt-pagecache-base9 yamt-pagecache-tag8 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 netbsd-5-2-RELEASE netbsd-5-2-RC1 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 tls-maxphys-base matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231 matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 mjf-devfs2-base netbsd-4-0-1-RELEASE wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-fixsa-newbase wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking wrstuden-fixsa-base-1 netbsd-4-0-RELEASE cube-autoconf-base netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 matt-armv6-base matt-mips64-base hpcarm-cleanup-base wrstuden-fixsa-base netbsd-4-base
|
#
1.4 |
|
27-Oct-2006 |
drochner |
branches: 1.4.82; As discussed back in June, move the implementation of hmac_sha1 here because this is not a public function and crypt-sha1.c is the only place where it is used (It must have been that way formerly, because there was a stale prototype in crypt.h all the time.) Being here, do some RCSID and prototype cleanup, and add as much "const" as needed to compile these files with WARNS=3.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE abandoned-netbsd-4-base netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.3 |
|
12-Jan-2005 |
christos |
- change the gensalt functions to take an optional string instead of the number of rounds. - make pw_gensalt() more generic, so that it does not depend in libutil.
|
#
1.2 |
|
11-Jan-2005 |
christos |
- remove local UNCONST - add new __gensalt functions
|
#
1.1 |
|
02-Jul-2004 |
sjg |
Add support for SHA1 hashed passwords. The algorithm used is essentially PBKDF1 from RFC 2898 but using hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).
* The format of the encrypted password is: * $<tag>$<iterations>$<salt>$<digest> * * where: * <tag> is "sha1" * <iterations> is an unsigned int identifying how many rounds * have been applied to <digest>. The number * should vary slightly for each password to make * it harder to generate a dictionary of * pre-computed hashes. See crypt_sha1_iterations. * <salt> up to 64 bytes of random data, 8 bytes is * currently considered more than enough. * <digest> the hashed password.
hmac.c implementes HMAC as defined in RFC 2104 and includes a unit test for both hmac_sha1 and hmac_sha1 using a selection of the Known Answer Tests from RFC 2202.
It is worth noting that to be FIPS compliant the hmac key (password) should be 10-20 chars.
|
#
1.5 |
|
21-Oct-2019 |
jhigh |
adding argon2 support to libcrypt. argon2 user authentication now available via MKARGON2=yes (3 variants supported; argon2id recommended) before using, please read argon2 paper at https://github.com/P-H-C/phc-winner-argon2
|
Revision tags: netbsd-9-base phil-wifi-20190609 netbsd-8-1-RELEASE netbsd-8-1-RC1 pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 netbsd-7-2-RELEASE pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 netbsd-7-1-2-RELEASE pgoyette-compat-base netbsd-7-1-1-RELEASE matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-7-base yamt-pagecache-base9 yamt-pagecache-tag8 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 netbsd-5-2-RELEASE netbsd-5-2-RC1 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 tls-maxphys-base matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231 matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 mjf-devfs2-base netbsd-4-0-1-RELEASE wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-fixsa-newbase wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking wrstuden-fixsa-base-1 netbsd-4-0-RELEASE cube-autoconf-base netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 matt-armv6-base matt-mips64-base hpcarm-cleanup-base wrstuden-fixsa-base netbsd-4-base
|
#
1.4 |
|
27-Oct-2006 |
drochner |
As discussed back in June, move the implementation of hmac_sha1 here because this is not a public function and crypt-sha1.c is the only place where it is used (It must have been that way formerly, because there was a stale prototype in crypt.h all the time.) Being here, do some RCSID and prototype cleanup, and add as much "const" as needed to compile these files with WARNS=3.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE abandoned-netbsd-4-base netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.3 |
|
12-Jan-2005 |
christos |
- change the gensalt functions to take an optional string instead of the number of rounds. - make pw_gensalt() more generic, so that it does not depend in libutil.
|
#
1.2 |
|
11-Jan-2005 |
christos |
- remove local UNCONST - add new __gensalt functions
|
#
1.1 |
|
02-Jul-2004 |
sjg |
Add support for SHA1 hashed passwords. The algorithm used is essentially PBKDF1 from RFC 2898 but using hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).
* The format of the encrypted password is: * $<tag>$<iterations>$<salt>$<digest> * * where: * <tag> is "sha1" * <iterations> is an unsigned int identifying how many rounds * have been applied to <digest>. The number * should vary slightly for each password to make * it harder to generate a dictionary of * pre-computed hashes. See crypt_sha1_iterations. * <salt> up to 64 bytes of random data, 8 bytes is * currently considered more than enough. * <digest> the hashed password.
hmac.c implementes HMAC as defined in RFC 2104 and includes a unit test for both hmac_sha1 and hmac_sha1 using a selection of the Known Answer Tests from RFC 2202.
It is worth noting that to be FIPS compliant the hmac key (password) should be 10-20 chars.
|