Welcome! Log In Create A New Profile

Re: [patch]: document SHA-2 support in glibc crypt()

Forum List Message List New Topic Print View

Maxim Dounin

October 10, 2017 01:30PM

Hello!

On Mon, Oct 09, 2017 at 11:18:47PM +0300, Leonid Evdokimov wrote:

> On Mon, Oct 09, 2017 at 10:44:11PM +0300, Maxim Dounin wrote:
> > All crypt() schemes available on a particular OS are supported, and
> > this is what is written in the above paragraph.
>
> I added that note to provide disambiguation that actual libc crypt() is
> used, I was under assumption that some only "plain old crypt()" is
> actually supported (like DES one) as the example does not refer to
> system crypt(), but refers to openssl and htpasswd. I was unaware of
> platform crypt() call till I have actually looked at the source code :)

The paragraph in question is expected to say that nginx uses the
crypt() function as provided by system libraries. If it is not
clear, we can consider improving the wording, and/or providing
examples on how to use the tools mentioned to generate various
types of passwords understood by crypt(). In particular, openssl
by default generates traditional crypt() hashes, and can be used
to generate $1$ hashes with the "-1" switch:

$ openssl passwd foo
GLJoKLSDZtEYU
$ openssl passwd -1 foo
$1$k8V9xFsq$y6xcPzRK5YW1QubxEm9kL1

(Not-yet-released openssl 1.1.1 also supports "-5" and "-6", though
I would rather refrain from providing relevant examples.)

> > It is not clear why to document $5$ and $6$ explicitly.
>
> That's just an example. These two are documented in crypt(3) manpage:
> MD5-based $1$ is already documented and $2a$ is not available in
> "default" build of glibc.

It is not clear what you mean by saying "MD5-based $1$ is already
documented". In nginx documentation there is nothing about $1$.
There is a paragraph about $apr1$, Apache variant of $1$, which is
similar, but is not crypt()-based - instead, it is explicitly
implemented as a platform-independent solution which is available
on all platforms including Windows. And this is why it is
documented explicitly.

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[patch]: document SHA-2 support in glibc crypt()	Leonid Evdokimov	419	October 09, 2017 01:46PM
Re: [patch]: document SHA-2 support in glibc crypt()	Maxim Dounin	160	October 09, 2017 03:46PM
Re: [patch]: document SHA-2 support in glibc crypt()	Leonid Evdokimov	182	October 09, 2017 04:20PM
Re: [patch]: document SHA-2 support in glibc crypt()	Maxim Dounin	231	October 10, 2017 01:30PM
Re: [patch]: document SHA-2 support in glibc crypt()	Leonid Evdokimov	184	February 13, 2018 07:10AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 141

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018