On Thursday August 7 2008 08:18:28 pm Kevin Day wrote: > On Thu, Aug 7, 2008 at 7:00 PM, Robert Connolly > > <[EMAIL PROTECTED]> wrote: > > On Friday August 1 2008 01:32:03 pm Kevin Day wrote: > >> The shadow 4.1.* series at long last added decent encryption > >> techniques, namely AES. > >> However, I did not see mention of the Blowfish algorithm making it's way > >> in. > >> > >> Are the shadow blowfish (owl) patches going to be converted or have > >> they already been prepared for the 4.1 series. > >> > >> If neither, then perhaps at some point I will look into doing the patch > >> myself. > >> > >> -- > >> Kevin Day > > > > I think you mean SHA512. I don't see AES support in Shadow-utils. > > > > robert > > Your are correct, I cannot seem to find aes either. > Perhaps I dreamed it up while I was sleeping. > > Anyway, I am going to make a request for Blowfish inclusion. > > There was some request before, but it was not accepted (nor shot down) > due to them not knowing whether people would want it. So I shall > attempt to explain that there are people who do want blowfish in > shadow. > > http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2008-May/006622.h >tml > http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2008-May/006621.h >tml > > > As an FYI, I am starting to reach a saturation point in mailing lists > and am starting to forget which mailing list I am talking on. So, > heres a heads up apology for any upcoming send to the wrong mailing > list that is probably going to happen. > > -- > Kevin Day
I still think the ideal solution to this is adding openssl support to shadow. Openssl is the best candidate for a crypto library for shadow. I more or less had it working with old shadow versions, with md5 and sha*, at: http://www.linuxfromscratch.org/~robert/new/shadow-openssl/ Bcrypt passwords use an adaptation of blowfish, and so bcrypt passwords can't be generated by openssl, unless they add it. The current Glibc staff have completely rejected bcrypt. Openssl might accept a patch for it. I'm confident that the shadow team would accept a patch for openssl support of des, md5 and sha*, and that would be enough to get the ball rolling for others to add the additional algorithms, like aes. robert
pgpht1D7sBfc6.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
