On Thu, Sep 25, 2003 at 08:14:51PM +0200, Thorsten Kukuk wrote:
> On Wed, Sep 24, Ethan Benson wrote:
> > On Wed, Sep 24, 2003 at 06:34:58PM +0400, Solar Designer wrote:
> > >
> > > http://www.openwall.com/crypt/
> > > http://www.openwall.com/tcb/
> >
> > is there any particular reason more distros haven't adopted these
> > patches? all the major players already distribute strong crypto so
> > that can't be the reason...
>
> SuSE Linux has it since 8.0.

I didn't know, thank you! I've updated the web page to mention that.

Does this describe your use of bcrypt password hashing correctly, --

crypt_blowfish is fully integrated into Owl and distributions by ALT
Linux team, as the default password hashing scheme. It is a part of
the glibc package on ASPLinux and SuSE.

I've downloaded glibc-2.3.2-6.src.rpm from SuSE 8.2 and looked at it
briefly. I notice that you disable the x86 assembly code in
crypt_blowfish, why? There was a thread-safety problem in that code
which has since been corrected, so you could want to update to
crypt_blowfish 0.4.5 and re-enable that code:

* Fri Nov 08 2002 Solar Designer <solar@xxxxxxxxxxxxxxxx>
- Made the x86 assembly code in crypt_blowfish reentrant (this time
for real), added a test for proper operation with multiple threads,
made crypt_blowfish more careful about overwriting sensitive data.

--
Alexander

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list