Patch: Blowfish and SHA support for crypt

Ed W lists at wildgooses.com
Sat Oct 22 19:58:11 UTC 2011 

Hi, I had a need for bsd style blowfish (bcrypt) and glibc style sha2,
crypt functions. 

The bcrypt code mostly comes from openwall and is included as standard
in Suse (and BSD).  I have adapted it to remove the wrapper code.  We
get re-entrant encryption entry points for free and I added a non
re-entrant point for uclibc (since we don't yet support re-entrant
calls).  This function is useful for compatibility with various web
libraries which are increasingly encouraging developers to use strong
hashing techniques, with bcrypt being the current favourite.  Why it's
useful is because many other applications such as Dovecot ask the libc
crypt function to generate the hash and compare with the value in the DB
- so adding this to your libc gives you automatic support in Dovecot and
your web admin interface can use strong hashes...

Although bcrypt is most common in web toolkits, it uses the blowfish
encryption algorithm and some users are constrained to only use
"approved" hash functions.  Therefore glibc added a similar repetitive
hash function (with a configurable number of repeated rounds to
deliberately burn CPU), but using the SHA2 hash.  I haven't yet seen
support outside of the crypt function, but this is potentially a very
strong hash algorithm and I believe the default in many distros (?). 
The patch attached is lifted almost directly from glibc.

I found this page useful for generating hashes to test the uclibc crypt
function with these patches:
    http://openwall.info/wiki/john/Generating-test-hashes

Grateful for feedback on code style, etc and if necessary I can
re-submit in appropriate style?

Thanks

Ed W
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: uclibc-blowfish.patch
URL: <http://lists.busybox.net/pipermail/uclibc/attachments/20111022/4dec3d7c/attachment-0002.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: uclibc-sha.patch
URL: <http://lists.busybox.net/pipermail/uclibc/attachments/20111022/4dec3d7c/attachment-0003.ksh>

More information about the uClibc mailing list