This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH 0/4 v3] libcrypt phaseout
- From: Zack Weinberg <zackw at panix dot com>
- To: libc-alpha at sourceware dot org
- Cc: carlos at redhat dot com, fweimer at redhat dot com, rj at 2c3t dot io, kukuk at suse dot de
- Date: Mon, 21 May 2018 13:38:49 -0400
- Subject: [PATCH 0/4 v3] libcrypt phaseout
Here comes another revision of the patchset to begin phasing out
libcrypt (and also improve the documentation for 'crypt'.) Major
changes from the previous revision are:
- Rather than just marking them deprecated, I have gone ahead and
disallowed use of the DES encryption functions in new programs.
The only reason I hadn't done that already was because 'setkey' and
'encrypt' are still in POSIX; but the insecurity of DES is more
important than that, and libxcrypt already took the plunge.
Conveniently, this means all of the documentation of those
functions can be dropped and I don't have to figure out how to
explain the bizarro things that some of them do.
- I changed my mind about consolidating the random number generation
discussion. "Unpredictable Bytes" now remains in crypt.texi and
"Pseudo-Random Numbers" remains in math.texi.
- I went back to using hardwired hashes in the testpass.c example,
because that way the program actually works as a demo; also it
allows me to show how the DES-based hash ignores all but the first
eight characters of the input passphrase.
- Terminology has been made consistent throughout the manual and the
public headers: "passphrase", "user database", and "(one-way)
hashing", not "password", "password database", or "encryption".
- Lots more documentation improvements.
Zack Weinberg (4):
Disallow use of DES encryption functions in new programs.
Reorganize crypt.texi.
Revise crypt.texi.
New configure option --disable-crypt.
INSTALL | 11 +
Makeconfig | 9 +-
NEWS | 25 ++
config.make.in | 1 +
configure | 18 +
configure.ac | 11 +
conform/Makefile | 11 +-
conform/data/stdlib.h-data | 3 -
conform/data/unistd.h-data | 3 -
crypt/Makefile | 4 -
crypt/Versions | 3 +
crypt/cert.c | 29 ++
crypt/crypt-entry.c | 15 +-
crypt/crypt.h | 37 +-
crypt/crypt_util.c | 9 +
elf/Makefile | 27 +-
elf/tst-linkall-static.c | 4 +-
inet/ruserpass.c | 2 +-
manual/contrib.texi | 2 +-
manual/crypt.texi | 695 +++++++++++++-----------------------
manual/examples/genpass.c | 44 ++-
manual/examples/mygetpass.c | 4 +-
manual/examples/testpass.c | 52 ++-
manual/install.texi | 12 +
manual/intro.texi | 1 -
manual/memory.texi | 2 +-
manual/nss.texi | 12 +-
manual/socket.texi | 4 +-
manual/string.texi | 82 ++---
manual/terminal.texi | 45 +++
manual/users.texi | 22 +-
nscd/pwdcache.c | 4 +-
posix/unistd.h | 19 +-
pwd/pwd.h | 29 +-
shadow/shadow.h | 16 +-
stdlib/stdlib.h | 6 -
sunrpc/Makefile | 2 +-
sunrpc/des_crypt.c | 7 +-
sunrpc/des_soft.c | 2 +-
39 files changed, 651 insertions(+), 633 deletions(-)
--
2.17.0