new blowfish-passwds hint

hints@linuxfromscratch.org

[Prev] Thread [Next] | [Prev] Date [Next]

new blowfish-passwds hint Robert Connolly Mon Dec 11 06:13:18 2006

Hello. Please update the attached hint.

robert

AUTHOR: Robert Connolly <[EMAIL PROTECTED]> (ashes)

DATE: 2006-12-10

LICENSE: Public Domain

SYNOPSIS: Blowfish passwords.

DESCRIPTION:
How to install a blowfish crypt library and use it.

PREREQUISITES: None

HINT:

A paper on the blowfish algorithm is available here:
http://www.usenix.org/events/usenix99/provos.html

DOWNLOAD:

http://ca.lfs-matrix.net/patches/downloads/glibc/glibc-2.5-blowfish.patch
http://ca.lfs-matrix.net/patches/downloads/shadow/\
        shadow-4.0.18.1-owl_blowfish-1.patch
http://ca.lfs-matrix.net/patches/downloads/sysvinit/\
        sysvinit-2.86-owl_blowfish.patch

INSTALLATION:

# With Glibc chapter 6:

patch -Np1 -i ../glibc-2.5-blowfish.patch

# With Shadow chapter 6:

patch -Np1 -i ../shadow-4.0.18.1-owl_blowfish-1.patch &&
aclocal &&
autoconf &&
autoheader

# This patch for Shadow must be regenerated with autotools so that this
# patch can be used by many versions of Shadow. As long as the patch applies
# without error then it should work on whichever version of Shadow you are
# using.

# This patch will instruct blowfish to use /dev/random for entropy. If you
# want to use /dev/urandom or something else then use the --with-random=
# configure option.

# The Sed command for MD5_CRYPT_ENAB, on the Shadow page, won't make any
# difference. If you get an error from 'make install' because of funny
# business from Autoconf, then use:

make MKINSTALLDIRS=$(pwd)/mkinstalldirs install

# Shadow will still be able to use MD5 and DES passwords if you add them to
# /etc/shadow manually, or if you reset "CRYPT_PREFIX" to "$1$" in
# /etc/login.defs.

# After running 'passwd' you should find your passwords in /etc/shadow
# begin with "$2a$".

# With Sysvinit chapter 6:

patch -Np1 -i ../sysvinit-2.86-owl_blowfish.patch

# OpenSSH can be installed normally, and using "--with-md5-passwords" is
# optional (it will still be able to use blowfish passwords too).

ACKNOWLEDGMENTS:
  * The Openwall project. http://www.openwall.com/crypt/
  * Solar Designer. <solar at openwall>
  * Thorsten Kukuk. http://ftp.suse.com/pub/people/kukuk/

CHANGELOG:
[2005-02-04]
  * Initial hint.
[2005-02-05]
  * Added note for --with-random.
  * Added note for SSHD's with-md5-passwords.
  * Move libxcrypt.la file to /usr/lib.
[2005-02-06]
  * Added sed for xcrypt in OpenSSH.
[2005-02-24]
  * Fix where the libxcrypt libs are installed.
[2005-11-13]
  * Bump to libxcrypt-2.3.
  * Don't install libcrypt from libc, and install libxcrypt instead.
[2005-12-10]
  * Use Owl Blowfish for Glibc because libxcrypt conflicts with OpenSSH.
  * Added new Shadow and Sysvinit patches.

-- 
http://linuxfromscratch.org/mailman/listinfo/hints
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

new blowfish-passwds hint Robert Connolly 2006/12/11 <=