From: walter harms <wharms-fPG8STNUNVg@public.gmane.org>
To: "Jason A. Donenfeld" <Jason-OnJsPKxuuEcAvxtiuMwx3w@public.gmane.org>
Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH] xcrypt.3: warn folks not to use these functions
Date: Wed, 14 Jun 2017 19:08:50 +0200
Message-ID: <59416DA2.2070900@bfs.de>
In-Reply-To: <20170614170351.19509-1-Jason-OnJsPKxuuEcAvxtiuMwx3w@public.gmane.org>
On 14.06.2017 19:03, Jason A. Donenfeld wrote:
> There is not an acceptable reason to use these functions ever in new code.
> For example, just observe the implementation of the KDF:
>
> /*
>  * Turn password into DES key
>  */
> void
> passwd2des_internal (char *pw, char *key)
> {
>   int i;
>
>   memset (key, 0, 8);
>   for (i = 0; *pw && i < 8; ++i)
>     key[i] ^= *pw++ << 1;
>
>   des_setparity (key);
> }
>
> This kind of nonsense isn't okay in the year 2017. Therefore, we
> enlighten our poor users.
>
> Signed-off-by: Jason A. Donenfeld <Jason-OnJsPKxuuEcAvxtiuMwx3w@public.gmane.org>
> ---
> man3/xcrypt.3 | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/man3/xcrypt.3 b/man3/xcrypt.3
> index 956df55ba..6bc882549 100644
> --- a/man3/xcrypt.3
> +++ b/man3/xcrypt.3
> @@ -22,6 +22,10 @@ xencrypt, xdecrypt, passwd2des \- RFS password encryption
> .sp
> .BI "int xdecrypt(char *" secret ", char *" passwd ");"
> .SH DESCRIPTION
> +.BR WARNING :
> +Do not use these functions in new code. They do not achieve
> +any type of acceptable cryptographic security guarantees.
> +.LP
It would be helpful to mention an alternative.
re,
wh
> The function
> .BR passwd2des ()
> takes a character string
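Review bot: The warning added at the top of DESCRIPTION says the functions lack "any type of acceptable cryptographic security guarantees" but gives the reader neither the reason nor a direction to go in. The commit message already contains the reason: the key is built from at most the first 8 bytes of the password, each shifted left by one bit, with no salt and no iteration. Consider stating that in one sentence in the page itself and naming what new code should call instead, so the warning is actionable for someone who finds these functions in an existing code base.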
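The derivation quoted in the commit message, as an added example that is not part of the original thread and is not glibc's code: it shows that passwords agreeing in their first 8 bytes, or differing only in the top bit of a byte, derive the same key. `set_odd_parity` is a stand-in written here for `des_setparity`, `passwd2des_demo` and `same_key` are hypothetical names, and the sample passwords are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for des_setparity() (assumption, not glibc's code): force odd
 * parity on each key byte by overwriting its low bit. */
static void set_odd_parity(unsigned char *key)
{
    for (int i = 0; i < 8; i++) {
        unsigned char b = key[i] & 0xFE;
        int ones = 0;
        for (int bit = 1; bit < 8; bit++)
            ones += (b >> bit) & 1;
        /* Low bit is chosen so the total number of set bits is odd. */
        key[i] = b | (unsigned char)((ones & 1) ^ 1);
    }
}

/* Same derivation as the quoted passwd2des_internal(); bytes are handled
 * as unsigned so that shifting a negative char is never attempted. */
static void passwd2des_demo(const char *pw, unsigned char *key)
{
    memset(key, 0, 8);
    for (int i = 0; *pw && i < 8; ++i)
        key[i] ^= (unsigned char)((unsigned char)*pw++ << 1);
    set_odd_parity(key);
}

/* Returns 1 when two passwords derive the same 8-byte key, else 0. */
int same_key(const char *a, const char *b)
{
    unsigned char ka[8], kb[8];
    passwd2des_demo(a, ka);
    passwd2des_demo(b, kb);
    return memcmp(ka, kb, 8) == 0;
}

int main(void)
{
    /* Constructed sample passwords. */
    printf("same first 8 bytes    : %d\n",
           same_key("correcthorse", "correcthXYZ!!"));
    printf("top bit of byte differs: %d\n", same_key("A", "\xC1"));
    printf("distinct short inputs : %d\n", same_key("secret1", "secret2"));
    return 0;
}
```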