From ca75f3f979c799b9eeaf41fc2c21d767f1d17d00 Mon Sep 17 00:00:00 2001
From: Zack Weinberg
Date: Tue, 19 Sep 2017 11:55:28 -0400
Subject: Remove the bigcrypt() function.

This function forces the use of a DES-based password hash which is unacceptably weak by modern standards -- its _only_ advantage over the original DES hash is that it does not truncate a password to its leading eight characters. It was already not exposed for use by new code, and now I have discovered that it never actually shipped in any Linux distribution's libcrypt, so there is no point including it at all. (It did exist in some proprietary Unixes of the System V lineage, and codesearch.debian.net finds a number of uses of it, but always under conditionals which exclude Linux.)

This does not remove support for the bigcrypt hash *format*. That is, as long as this library is not configured with --disable-weak-hashes, the regular crypt* entry points will still be able to _check_ a password against a bigcrypt-format hash.

If you have some particular reason why you must generate a new bigcrypt-format hash, you can do this with the regular crypt* entry points by padding a traditional DES two-character salt on the right with fourteen dots; see test-crypt-des.c for an example.

* crypt-static.c (bigcrypt): Remove function.
* crypt-des.c: Remove mentions of the bigcrypt function and clarify commentary. (crypt_des_big_rn): Make static.
* crypt-private.h: Remove prototype for crypt_des_big_rn.
* configure.ac, README, crypt-symbols.h, libcrypt.map.in: Remove all mentions of the bigcrypt function.
* test-bigcrypt.c: Remove file.
* Makefile.am: Remove all references to test-bigcrypt.
---
README | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'README')

diff --git a/README b/README index 52b6752..18e91ae 100644 --- a/README +++ b/README 
@@ -9,7 +9,6 @@ don't need to work with libcrypt. You can replace libcrypt with a symlink to libxcrypt. The advantage of libxcrypt against libcrypt is, that it supports -bigcrypt and blowfish password encryption and exports md5_crypt and -the other md5 functions. +blowfish password encryption. Thorsten Kukuk, 21. October 2002 -- cgit v1.2.3
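Review bot: The two removed lines in this README hunk also drop the statement that the library "exports md5_crypt and the other md5 functions", which is outside what the changelog entry for README describes ("Remove all mentions of the bigcrypt function"). If those md5 exports are also gone, that deserves its own changelog line or a separate commit; if they are still exported, keep that clause and delete only the word "bigcrypt". Separately, the commit message says bigcrypt-format hashes can still be checked through the regular crypt* entry points unless the library is configured with --disable-weak-hashes, but the README no longer mentions bigcrypt at all after this change. A short sentence here noting that the format remains verifiable, and that the function itself is gone, would save users of existing bigcrypt hashes from having to read the commit log. As a wording point, the new line "+blowfish password encryption." would be more accurate as "password hashing", since these are one-way hashes.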