SHA1 works now: http://www.linuxfromscratch.org/~robert/new/shadow-openssl/shadow-4.0.4.1-openssl.diff7

Add 'SHA1_CRYPT_ENAB yes' to /etc/login.defs:

nobody:$sha1$8$sal$uBiC26jNrQy3MYfz9yYC1pAXu6C8:13632:0:99999:7:::

There's no standard salt for sha1, unlike md5 and bcrypt, from what I can see. I used NetBSD's hmac-sha1.

This patch uses a static iteration, and salt, at the moment ($sha1$8$salt$). The iteration is going to be a somewhat random value, "srandom(time(NULL) ^ (pid * pid)); iterations = 24680 - (random() % (24680 / 4))", to make pre-computed dictionary attacks more difficult.

hmac-md5 should also be able to share the same routines, but it's not really worth it for md5, and it would break backwards-compatibility. sha512 should work, but I haven't tried it yet.

Shadow's config is not really designed for more than two ciphers, so after fixing the salt.c file, the getdefs.c needs to be fixed to use different login.defs settings.

Anyone know what's going on with the Shadow project? The web site, ftp, and cvs sites have been down for weeks.

robert
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
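
Added example, not part of the original post or of the shadow patch: a C check that parses a $sha1$<iterations>$<salt>$<hash> password field laid out like the entry in the post and flags shadow lines whose iteration count is below the lowest value the quoted formula can produce (18511). The function names, the crypt base-64 alphabet for salt and hash, and the 28-character hash length (taken from the entry in the post) are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HINT 24680UL /* base iteration count in the formula quoted in the post */
#define SET "[./0-9A-Za-z]" /* crypt base-64 alphabet (assumed for salt and hash) */

struct sha1_field { unsigned long iterations; char salt[65], hash[29]; };

/* The quoted formula for one random() output r; results span 18511..24680. */
unsigned long pick_iterations(unsigned long r) { return HINT - r % (HINT / 4); }

/* Parse "$sha1$<iterations>$<salt>$<hash>"; 0 on success, -1 if malformed. */
int parse_sha1_field(const char *s, struct sha1_field *f) {
    int end = 0;
    if (strncmp(s, "$sha1$", 6) != 0 || !isdigit((unsigned char)s[6])) return -1;
    if (sscanf(s + 6, "%9lu$%64" SET "$%28" SET "%n",
               &f->iterations, f->salt, f->hash, &end) != 3) return -1;
    /* 28 characters is the hash length of the entry shown in the post */
    if (s[6 + end] != '\0' || strlen(f->hash) != 28) return -1;
    return f->iterations > 0 ? 0 : -1;
}

/* Audit a shadow line: 1 = iteration count below the formula's minimum,
   0 = at or above it, -1 = field 2 is not a well-formed $sha1$ hash. */
int audit_shadow_line(const char *line) {
    struct sha1_field f;
    char field[128];
    if (sscanf(line, "%*[^:]:%127[^:]", field) != 1) return -1;
    if (parse_sha1_field(field, &f) != 0) return -1;
    return f.iterations < pick_iterations(HINT / 4 - 1);
}

int main(void) {
    /* First entry is the one from the post; the second is constructed
       (placeholder hash characters, not a real digest). */
    const char *lines[] = {
        "nobody:$sha1$8$sal$uBiC26jNrQy3MYfz9yYC1pAXu6C8:13632:0:99999:7:::",
        "demo:$sha1$21773$uV7PTeux$AAAAAAAAAAAAAAAAAAAAAAAAAAAA:13632:0:99999:7:::",
    };
    for (int i = 0; i < 2; i++)
        printf("%d  %s\n", audit_shadow_line(lines[i]), lines[i]);
    return 0;
}
```

The entry from the post is reported as 1 because its count of 8 is the static test value; an entry written with the randomised count would be reported as 0.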
