From 36ceaa2f5868076c9281ec42b65a31c06d7e2558 Mon Sep 17 00:00:00 2001 From: aaron <> Date: Tue, 18 Apr 2000 02:31:34 +0000 Subject: [PATCH] Repairs. --- src/lib/libc/crypt/arc4random.3 | 10 +-- src/lib/libc/crypt/blowfish.3 | 5 +- src/lib/libc/crypt/crypt.3 | 105 +++++++++++++++++++------------- 3 files changed, 69 insertions(+), 51 deletions(-) diff --git a/src/lib/libc/crypt/arc4random.3 b/src/lib/libc/crypt/arc4random.3 index f4116a1e..2bf63eca 100644 --- a/src/lib/libc/crypt/arc4random.3 +++ b/src/lib/libc/crypt/arc4random.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: arc4random.3,v 1.13 2000/04/15 02:15:22 aaron Exp $ +.\" $OpenBSD: arc4random.3,v 1.14 2000/04/18 02:31:34 aaron Exp $ .\" .\" Copyright 1997 Niels Provos .\" All rights reserved. @@ -50,8 +50,8 @@ The .Fn arc4random function uses the key stream generator employed by the -arc4 cipher, which uses 8*8 8 bit S-Boxes. The S-Boxes -can be in about (2**1700) states. +arc4 cipher, which uses 8*8 8 bit S-Boxes. +The S-Boxes can be in about (2**1700) states. .Pp The .Fn arc4random_stir @@ -74,8 +74,8 @@ automatically initializes itself. .Sh HISTORY An algorithm call .Pa RC4 -was designed by RSA Data Security, Inc. It was considered a trade secret, -but not trademarked. +was designed by RSA Data Security, Inc. +It was considered a trade secret, but not trademarked. A clone of this was posted anonymously to the USENET and was confirmed to be equivalent by several sources who had access to the original cipher. Because of the trade secret situation, RSA Data Security, Inc. can do diff --git a/src/lib/libc/crypt/blowfish.3 b/src/lib/libc/crypt/blowfish.3 index b5fdae92..6d8c5db8 100644 --- a/src/lib/libc/crypt/blowfish.3 +++ b/src/lib/libc/crypt/blowfish.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: blowfish.3,v 1.8 2000/04/15 02:15:22 aaron Exp $ +.\" $OpenBSD: blowfish.3,v 1.9 2000/04/18 02:31:34 aaron Exp $ .\" .\" Copyright 1997 Niels Provos .\" All rights reserved. @@ -63,7 +63,8 @@ The block size is 64 bit and the key size is maximal 448 bit. The .Fn blf_key function initializes the 4 8bit S-boxes and the 18 Subkeys with -the hexadecimal digits of Pi. The key is used for further randomization. +the hexadecimal digits of Pi. +The key is used for further randomization. The first argument to .Fn blf_enc is the initialized state derived from diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3 index daa9c4d8..36058c75 100644 --- a/src/lib/libc/crypt/crypt.3 +++ b/src/lib/libc/crypt/crypt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: crypt.3,v 1.15 2000/04/15 02:15:22 aaron Exp $ +.\" $OpenBSD: crypt.3,v 1.16 2000/04/18 02:31:34 aaron Exp $ .\" .\" FreeSec: libcrypt .\" @@ -56,24 +56,32 @@ .Sh DESCRIPTION The .Fn crypt -function performs password encryption, based on the +function performs password encryption based on the .Tn NBS Data Encryption Standard (DES). Additional code has been added to deter key search attempts and to use stronger hashing algorithms. +.Pp The first argument to .Fn crypt is a .Dv null Ns -terminated string, typically a user's typed password. The second is in one of three forms: -if it begins with an underscore (``_'') then an extended format is used -in interpreting both the key and the setting, as outlined below. If it begins -with an string character (``$'') and a number then a different algorithm -is used depending on the number. At the moment a ``$1'' chooses MD5 hashing -and a ``$2'' chooses Blowfish hashing, see below for more information. -.Ss Extended crypt: -.Pp +if it begins with an underscore +.Pq Ql _ +then an extended format is used +in interpreting both the key and the setting, as outlined below. +If it begins +with a string character +.Pq Ql $ +and a number then a different algorithm is used depending on the number. +At the moment a +.Ql $1 +chooses MD5 hashing and a +.Ql $2 +chooses Blowfish hashing; see below for more information. +.Ss Extended crypt The .Ar key is divided into groups of 8 characters (the last group is null-padded) @@ -87,61 +95,68 @@ The setting is a 9-character array consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt. These are encoded as printable characters, 6 bits per character, least significant character first. -The values 0 to 63 are encoded as ``./0-9A-Za-z''. +The values 0 to 63 are encoded as +.Dq \&./0-9A-Za-z . This allows 24 bits for both .Fa count and .Fa salt . -.Ss "MD5" crypt: -.Pp +.Ss "MD5" crypt For .Tn MD5 crypt the version number, .Fa salt -and the hashed password are separated -by the ``$'' character. The maximum length of a password is limited by +and the hashed password are separated by the +.Ql $ +character. +The maximum length of a password is limited by the length counter of the MD5 context, which is about -2**64. A valid MD5 password entry looks like this: +2**64. +A valid MD5 password entry looks like this: .Pp -``$1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1''. +.Dq $1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1 . .Pp The whole MD5 password string is passed as .Fa setting for interpretation. -.Ss "Blowfish" crypt: -.Pp +.Ss "Blowfish" crypt The .Tn Blowfish version of crypt has 128 bits of .Fa salt -in order to make building -dictionaries of common passwords space consuming. The initial state -of the +in order to make building dictionaries of common passwords space consuming. +The initial state of the .Tn Blowfish cipher is expanded using the .Fa salt and the .Fa password repeating the process a variable number of rounds, which is encoded in -the password string. The maximum password length is 72. The final Blowfish -password entry is created by encrypting -the string ``OrpheanBeholderScryDoubt'' with the +the password string. +The maximum password length is 72. +The final Blowfish password entry is created by encrypting the string +.Pp +.Dq OrpheanBeholderScryDoubt +.Pp +with the .Tn Blowfish state 64 times. .Pp The version number, the logarithm of the number of rounds and -the concatenation of salt and -hashed password are separated by the ``$'' character. An encoded ``8'' +the concatenation of salt and hashed password are separated by the +.Ql $ +character. +An encoded +.Sq 8 would specify 256 rounds. A valid Blowfish password looks like this: .Pp -``$2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC''. +.Dq $2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC . .Pp The whole Blowfish password string is passed as .Fa setting for interpretation. -.Ss "Traditional" crypt: -.Pp +.Ss "Traditional" crypt The first 8 bytes of the key are null-padded, and the low-order 7 bits of each character is used to form the 56-bit .Tn DES @@ -153,8 +168,7 @@ Thus only 12 bits of are used. .Fa count is set to 25. -.Ss DES Algorithm: -.Pp +.Ss DES Algorithm The .Fa salt introduces disorder in the @@ -182,10 +196,10 @@ string, 20 or 13 bytes (plus null) in length, consisting of the .Ar setting followed by the encoded 64-bit encryption. .Pp -The functions, +The functions .Fn encrypt , .Fn setkey , -.Fn des_setkey +.Fn des_setkey , and .Fn des_cipher provide access to the @@ -243,7 +257,9 @@ E-box output as described above. .Pp The function .Fn crypt -returns a pointer to the encrypted value on success, and NULL on failure. +returns a pointer to the encrypted value on success, and +.Dv NULL +on failure. The functions .Fn setkey , .Fn encrypt , @@ -254,7 +270,7 @@ return 0 on success and 1 on failure. .Pp The .Fn crypt , -.Fn setkey +.Fn setkey , and .Fn des_setkey functions all manipulate the same key space. @@ -265,12 +281,8 @@ functions all manipulate the same key space. .Xr getpass 3 , .Xr md5 3 , .Xr passwd 5 -.Sh BUGS -The -.Fn crypt -function returns a pointer to static data, and subsequent calls to -.Fn crypt -will modify the same object. +.Sh AUTHOR +David Burren .Sh HISTORY A rotor-based .Fn crypt @@ -289,9 +301,14 @@ Programs linked against the interface may be exported from the U.S.A. only if they use .Fn crypt solely for authentication purposes and avoid use of -the other programmer interfaces listed above. Special care has been taken +the other programmer interfaces listed above. +Special care has been taken in the library so that programs which only use the .Fn crypt interface do not pull in the other components. -.Sh AUTHOR -David Burren +.Sh BUGS +The +.Fn crypt +function returns a pointer to static data, and subsequent calls to +.Fn crypt +will modify the same object.