Browse Source

Repairs.

OPENBSD_2_7
aaron 25 years ago
parent
commit
36ceaa2f58
3 changed files with 69 additions and 51 deletions
  1. +5
    -5
      src/lib/libc/crypt/arc4random.3
  2. +3
    -2
      src/lib/libc/crypt/blowfish.3
  3. +61
    -44
      src/lib/libc/crypt/crypt.3

+ 5
- 5
src/lib/libc/crypt/arc4random.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: arc4random.3,v 1.13 2000/04/15 02:15:22 aaron Exp $
.\" $OpenBSD: arc4random.3,v 1.14 2000/04/18 02:31:34 aaron Exp $
.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
@ -50,8 +50,8 @@
The
.Fn arc4random
function uses the key stream generator employed by the
arc4 cipher, which uses 8*8 8 bit S-Boxes. The S-Boxes
can be in about (2**1700) states.
arc4 cipher, which uses 8*8 8 bit S-Boxes.
The S-Boxes can be in about (2**1700) states.
.Pp
The
.Fn arc4random_stir
@ -74,8 +74,8 @@ automatically initializes itself.
.Sh HISTORY
An algorithm call
.Pa RC4
was designed by RSA Data Security, Inc. It was considered a trade secret,
but not trademarked.
was designed by RSA Data Security, Inc.
It was considered a trade secret, but not trademarked.
A clone of this was posted anonymously to the USENET and was confirmed to
be equivalent by several sources who had access to the original cipher.
Because of the trade secret situation, RSA Data Security, Inc. can do


+ 3
- 2
src/lib/libc/crypt/blowfish.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: blowfish.3,v 1.8 2000/04/15 02:15:22 aaron Exp $
.\" $OpenBSD: blowfish.3,v 1.9 2000/04/18 02:31:34 aaron Exp $
.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
@ -63,7 +63,8 @@ The block size is 64 bit and the key size is maximal 448 bit.
The
.Fn blf_key
function initializes the 4 8bit S-boxes and the 18 Subkeys with
the hexadecimal digits of Pi. The key is used for further randomization.
the hexadecimal digits of Pi.
The key is used for further randomization.
The first argument to
.Fn blf_enc
is the initialized state derived from


+ 61
- 44
src/lib/libc/crypt/crypt.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: crypt.3,v 1.15 2000/04/15 02:15:22 aaron Exp $
.\" $OpenBSD: crypt.3,v 1.16 2000/04/18 02:31:34 aaron Exp $
.\"
.\" FreeSec: libcrypt
.\"
@ -56,24 +56,32 @@
.Sh DESCRIPTION
The
.Fn crypt
function performs password encryption, based on the
function performs password encryption based on the
.Tn NBS
Data Encryption Standard (DES).
Additional code has been added to deter key search attempts and to use
stronger hashing algorithms.
.Pp
The first argument to
.Fn crypt
is a
.Dv null Ns -terminated
string, typically a user's typed password.
The second is in one of three forms:
if it begins with an underscore (``_'') then an extended format is used
in interpreting both the key and the setting, as outlined below. If it begins
with an string character (``$'') and a number then a different algorithm
is used depending on the number. At the moment a ``$1'' chooses MD5 hashing
and a ``$2'' chooses Blowfish hashing, see below for more information.
.Ss Extended crypt:
.Pp
if it begins with an underscore
.Pq Ql _
then an extended format is used
in interpreting both the key and the setting, as outlined below.
If it begins
with a string character
.Pq Ql $
and a number then a different algorithm is used depending on the number.
At the moment a
.Ql $1
chooses MD5 hashing and a
.Ql $2
chooses Blowfish hashing; see below for more information.
.Ss Extended crypt
The
.Ar key
is divided into groups of 8 characters (the last group is null-padded)
@ -87,61 +95,68 @@ The setting is a 9-character array consisting of an underscore followed
by 4 bytes of iteration count and 4 bytes of salt.
These are encoded as printable characters, 6 bits per character,
least significant character first.
The values 0 to 63 are encoded as ``./0-9A-Za-z''.
The values 0 to 63 are encoded as
.Dq \&./0-9A-Za-z .
This allows 24 bits for both
.Fa count
and
.Fa salt .
.Ss "MD5" crypt:
.Pp
.Ss "MD5" crypt
For
.Tn MD5
crypt the version number,
.Fa salt
and the hashed password are separated
by the ``$'' character. The maximum length of a password is limited by
and the hashed password are separated by the
.Ql $
character.
The maximum length of a password is limited by
the length counter of the MD5 context, which is about
2**64. A valid MD5 password entry looks like this:
2**64.
A valid MD5 password entry looks like this:
.Pp
``$1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1''.
.Dq $1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1 .
.Pp
The whole MD5 password string is passed as
.Fa setting
for interpretation.
.Ss "Blowfish" crypt:
.Pp
.Ss "Blowfish" crypt
The
.Tn Blowfish
version of crypt has 128 bits of
.Fa salt
in order to make building
dictionaries of common passwords space consuming. The initial state
of the
in order to make building dictionaries of common passwords space consuming.
The initial state of the
.Tn Blowfish
cipher is expanded using the
.Fa salt
and the
.Fa password
repeating the process a variable number of rounds, which is encoded in
the password string. The maximum password length is 72. The final Blowfish
password entry is created by encrypting
the string ``OrpheanBeholderScryDoubt'' with the
the password string.
The maximum password length is 72.
The final Blowfish password entry is created by encrypting the string
.Pp
.Dq OrpheanBeholderScryDoubt
.Pp
with the
.Tn Blowfish
state 64 times.
.Pp
The version number, the logarithm of the number of rounds and
the concatenation of salt and
hashed password are separated by the ``$'' character. An encoded ``8''
the concatenation of salt and hashed password are separated by the
.Ql $
character.
An encoded
.Sq 8
would specify 256 rounds.
A valid Blowfish password looks like this:
.Pp
``$2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC''.
.Dq $2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC .
.Pp
The whole Blowfish password string is passed as
.Fa setting
for interpretation.
.Ss "Traditional" crypt:
.Pp
.Ss "Traditional" crypt
The first 8 bytes of the key are null-padded, and the low-order 7 bits of
each character is used to form the 56-bit
.Tn DES
@ -153,8 +168,7 @@ Thus only 12 bits of
are used.
.Fa count
is set to 25.
.Ss DES Algorithm:
.Pp
.Ss DES Algorithm
The
.Fa salt
introduces disorder in the
@ -182,10 +196,10 @@ string, 20 or 13 bytes (plus null) in length, consisting of the
.Ar setting
followed by the encoded 64-bit encryption.
.Pp
The functions,
The functions
.Fn encrypt ,
.Fn setkey ,
.Fn des_setkey
.Fn des_setkey ,
and
.Fn des_cipher
provide access to the
@ -243,7 +257,9 @@ E-box output as described above.
.Pp
The function
.Fn crypt
returns a pointer to the encrypted value on success, and NULL on failure.
returns a pointer to the encrypted value on success, and
.Dv NULL
on failure.
The functions
.Fn setkey ,
.Fn encrypt ,
@ -254,7 +270,7 @@ return 0 on success and 1 on failure.
.Pp
The
.Fn crypt ,
.Fn setkey
.Fn setkey ,
and
.Fn des_setkey
functions all manipulate the same key space.
@ -265,12 +281,8 @@ functions all manipulate the same key space.
.Xr getpass 3 ,
.Xr md5 3 ,
.Xr passwd 5
.Sh BUGS
The
.Fn crypt
function returns a pointer to static data, and subsequent calls to
.Fn crypt
will modify the same object.
.Sh AUTHOR
David Burren <davidb@werj.com.au>
.Sh HISTORY
A rotor-based
.Fn crypt
@ -289,9 +301,14 @@ Programs linked against the
interface may be exported from the U.S.A. only if they use
.Fn crypt
solely for authentication purposes and avoid use of
the other programmer interfaces listed above. Special care has been taken
the other programmer interfaces listed above.
Special care has been taken
in the library so that programs which only use the
.Fn crypt
interface do not pull in the other components.
.Sh AUTHOR
David Burren <davidb@werj.com.au>
.Sh BUGS
The
.Fn crypt
function returns a pointer to static data, and subsequent calls to
.Fn crypt
will modify the same object.

Loading…
Cancel
Save