Browse Source

Document a known bug in the DES crypt cipher implementation which we're

not going to fix in order to stay compatible with legacy password data.
Nobody should use DES crypt anyway these days.
See http://www.freebsd.org/security/advisories/FreeBSD-SA-12:02.crypt.asc
for details about this bug.
Discussed with deraadt and beck about half a year ago (I'm pruning Ms
from my tree).
OPENBSD_5_3
stsp 12 years ago
parent
commit
352d8c5bf0
1 changed files with 6 additions and 2 deletions
  1. +6
    -2
      src/lib/libc/crypt/crypt.3

+ 6
- 2
src/lib/libc/crypt/crypt.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: crypt.3,v 1.28 2012/06/02 00:14:16 guenther Exp $
.\" $OpenBSD: crypt.3,v 1.29 2012/11/30 13:51:11 stsp Exp $
.\"
.\" FreeSec: libcrypt
.\"
@ -31,7 +31,7 @@
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd $Mdocdate: June 2 2012 $
.Dd $Mdocdate: November 30 2012 $
.Dt CRYPT 3
.Os
.Sh NAME
@ -323,3 +323,7 @@ The
function returns a pointer to static data, and subsequent calls to
.Fn crypt
will modify the same object.
.Pp
With DES hashing, passwords containing the byte 0x80 use less key entropy
than other passwords.
This is an implementation bug, not a bug in the DES cipher.

Loading…
Cancel
Save