On Thu, Sep 25, Solar Designer wrote: > On Thu, Sep 25, 2003 at 08:14:51PM +0200, Thorsten Kukuk wrote: > > On Wed, Sep 24, Ethan Benson wrote: > > > On Wed, Sep 24, 2003 at 06:34:58PM +0400, Solar Designer wrote:> On Wed, Sep 24, 2003 at 06:34:58PM +0400, Solar Designer wrote: > > > > > > http://www.openwall.com/crypt/ > > > > http://www.openwall.com/tcb/ > > > > > > is there any particular reason more distros haven't adopted these > > > patches? all the major players already distribute strong crypto so > > > that can't be the reason... > > > > SuSE Linux has it since 8.0. > > I didn't know, thank you! I've updated the web page to mention that. > Does this describe your use of bcrypt password hashing correctly, -- > > crypt_blowfish is fully integrated into Owl and distributions by > ALT Linux team, as the default password hashing scheme. It is a > part of the glibc package on ASPLinux and SuSE. ... and SuSE Linux. Not only SuSE. > I've downloaded glibc-2.3.2-6.src.rpm from SuSE 8.2 and looked at it > briefly. I notice that you disable the x86 assembly code in > crypt_blowfish, why? There was a thread-safety problem in that code > which has since been corrected, so you could want to update to > crypt_blowfish 0.4.5 and re-enable that code: We had massive problems with this, but I don't remember what it was anymore. It had something to do with the toolchain. I will enable it again and make same tests. Thorsten -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@xxxxxxx SuSE Linux AG Deutschherrnstr. 15-19 D-90429 Nuernberg -------------------------------------------------------------------- Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
