Up to [cvs.NetBSD.org] / src / lib / libcrypt
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: netbsd-3-1-RC1
Revision 1.8 / (download) - annotate - [select for diffs], Fri Jul 2 00:05:23 2004 UTC (19 years, 9 months ago) by sjg
Branch: MAIN
CVS Tags: wrstuden-fixsa-newbase,
wrstuden-fixsa-base-1,
wrstuden-fixsa-base,
wrstuden-fixsa,
netbsd-4-base,
netbsd-4-0-RELEASE,
netbsd-4-0-RC5,
netbsd-4-0-RC4,
netbsd-4-0-RC3,
netbsd-4-0-RC2,
netbsd-4-0-RC1,
netbsd-4-0-1-RELEASE,
netbsd-4-0,
netbsd-4,
netbsd-3-base,
netbsd-3-1-RELEASE,
netbsd-3-1-RC4,
netbsd-3-1-RC3,
netbsd-3-1-RC2,
netbsd-3-1-RC1,
netbsd-3-1-1-RELEASE,
netbsd-3-1,
netbsd-3-0-RELEASE,
netbsd-3-0-RC6,
netbsd-3-0-RC5,
netbsd-3-0-RC4,
netbsd-3-0-RC3,
netbsd-3-0-RC2,
netbsd-3-0-RC1,
netbsd-3-0-3-RELEASE,
netbsd-3-0-2-RELEASE,
netbsd-3-0-1-RELEASE,
netbsd-3-0,
netbsd-3,
abandoned-netbsd-4-base,
abandoned-netbsd-4
Changes since 1.7: +10 -22
lines
Diff to previous 1.7 (colored)
Add support for SHA1 hashed passwords. The algorithm used is essentially PBKDF1 from RFC 2898 but using hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com). * The format of the encrypted password is: * $<tag>$<iterations>$<salt>$<digest> * * where: * <tag> is "sha1" * <iterations> is an unsigned int identifying how many rounds * have been applied to <digest>. The number * should vary slightly for each password to make * it harder to generate a dictionary of * pre-computed hashes. See crypt_sha1_iterations. * <salt> up to 64 bytes of random data, 8 bytes is * currently considered more than enough. * <digest> the hashed password. hmac.c implementes HMAC as defined in RFC 2104 and includes a unit test for both hmac_sha1 and hmac_sha1 using a selection of the Known Answer Tests from RFC 2202. It is worth noting that to be FIPS compliant the hmac key (password) should be 10-20 chars.