[RFC] Replace glibc's libcrypt with libxcrypt for Fedora 29/30

Hello everyone,

since there has been some discussion recently about removing
libcrypt from glibc at some point [1,2,3,4] and splitting it out into a
separate project which can evolve quicker, I'd like to hear your
opinion about replacing glibc's libcrypt with libxcrypt [5] for Fedora
29 (or 30).

libxcrypt will be fully binary compatible with software linked against
glibc's libcrypt and does not require any rebuilds.  However, the
converse is not true: programs linked against libxcrypt will not work
with glibc's libcrypt.  It comes with a set of extended interfaces
pioneered by Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt,
crypt_gensalt_rn, and crypt_gensalt_ra.  Also, programs that use
certain legacy APIs supplied by glibc's libcrypt (encrypt, encrypt_r,
setkey, setkey_r, and fcrypt) cannot be compiled against libxcrypt.

The crypt and gensalt functions support all widely used password
hashing algorithms [6] (except for Crypt16, which was used only on
Ultrix and Tru64), which before were specific to just some operating
systems' implementations of libcrypt [7].

There are preparations to add password hashing with PBKDF2 using
HMAC-SHA3-512 to libxcrypt as well.

Anyways, before this can happen, there is still some work to be done
with libxcrypt, like adding a FIPS mode or FIPS compliance in a
different way.

Cheers,
  Björn


[1]  https://sourceware.org/ml/libc-alpha/2017-06/msg00055.html
[2]  https://sourceware.org/ml/libc-alpha/2017-06/msg00079.html
[3]  https://sourceware.org/ml/libc-alpha/2017-08/msg01257.html
[4]  https://sourceware.org/ml/libc-alpha/2017-08/msg01408.html
[5]  https://github.com/besser82/libxcrypt
[6]  https://en.wikipedia.org/wiki/Crypt_(C)#Key_derivation_functions_supported_by_crypt
[7]  https://en.wikipedia.org/wiki/Crypt_(C)#Support_in_operating_systems
