Am 14.06.2017 19:03, schrieb Jason A. Donenfeld:
> There is not an acceptable reason to use these functions ever in new code.
> For example, just observe the implementation of the KDF:
>
> /*
> * Turn password into DES key
> */
> void
> passwd2des_internal (char *pw, char *key)
> {
> int i;
>
> memset (key, 0, 8);
> for (i = 0; *pw && i < 8; ++i)
> key[i] ^= *pw++ << 1;
>
> des_setparity (key);
> }
>
> This kind of nonsense isn't okay in the year 2017. Therefore, we
> enlighten our poor users.
>
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
> ---
> man3/xcrypt.3 | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/man3/xcrypt.3 b/man3/xcrypt.3
> index 956df55ba..6bc882549 100644
> --- a/man3/xcrypt.3
> +++ b/man3/xcrypt.3
> @@ -22,6 +22,10 @@ xencrypt, xdecrypt, passwd2des \- RFS password encryption
> .sp
> .BI "int xdecrypt(char *" secret ", char *" passwd ");"
> .SH DESCRIPTION
> +.BR WARNING :
> +Do not use these functions in new code. They do not achieve
> +any type of acceptable cryptographic security guarantees.
> +.LP
It would be helpful to mention an alternativ.
re,
wh
> The function
> .BR passwd2des ()
> takes a character string
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
