Commit Graph

4 Commits

Author SHA1 Message Date
drochner d16ceb033e As discussed back in June, move the implementation of hmac_sha1 here
because this is not a public function and crypt-sha1.c is the only
place where it is used (It must have been that way formerly, because
there was a stale prototype in crypt.h all the time.)
Being here, do some RCSID and prototype cleanup, and add as much "const"
as needed to compile these files with WARNS=3.
2006-10-27 18:22:56 +00:00
christos 3131ddcccc - change the gensalt functions to take an optional string instead of
the number of rounds.
- make pw_gensalt() more generic, so that it does not depend in libutil.
2005-01-12 03:32:52 +00:00
christos 0fc4f2b291 - remove local UNCONST
- add new __gensalt functions
2005-01-11 22:40:00 +00:00
sjg 3a0c68edfd Add support for SHA1 hashed passwords.
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *
 * where:
 *      <tag>           is "sha1"
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.

hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
2004-07-02 00:05:23 +00:00