[PATCH] xcrypt.3: warn folks not to use these functions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There is not an acceptable reason to use these functions ever in new code.
For example, just observe the implementation of the KDF:

	/*
	 * Turn password into DES key
	 */
	void
	passwd2des_internal (char *pw, char *key)
	{
	  int i;

	  memset (key, 0, 8);
	  for (i = 0; *pw && i < 8; ++i)
	    key[i] ^= *pw++ << 1;

	  des_setparity (key);
	}

This kind of nonsense isn't okay in the year 2017. Therefore, we
enlighten our poor users.

Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
---
 man3/xcrypt.3 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/man3/xcrypt.3 b/man3/xcrypt.3
index 956df55ba..6bc882549 100644
--- a/man3/xcrypt.3
+++ b/man3/xcrypt.3
@@ -22,6 +22,10 @@ xencrypt, xdecrypt, passwd2des \- RFS password encryption
 .sp
 .BI "int xdecrypt(char *" secret ", char *" passwd ");"
 .SH DESCRIPTION
+.BR WARNING :
+Do not use these functions in new code. They do not achieve
+any type of acceptable cryptographic security guarantees.
+.LP
 The function
 .BR passwd2des ()
 takes a character string
-- 
2.13.1

--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux