Commit Graph

17 Commits

Author SHA1 Message Date
lukem
c1ceae17f0 Enable WARNS=4 by default for usr.bin, except for:
awk  bdes  checknr  compile_et  error  gss  hxtool  kgetcred  kinit
	klist  ldd  less  lex  locale  login  m4  man  menuc  mk_cmds
	mklocale  msgc  openssl  rpcgen  rpcinfo  sdiff  spell  ssh
	string2key  telnet  tn3270  verify_krb5_conf  xlint
2009-04-14 22:15:16 +00:00
christos
ac2addb00e PR/31144: YOMURA Masanori: pwhash -S/-b never use optarg 2006-03-05 08:50:58 +00:00
lukem
4baf8a84ca appease gcc -Wuninitialized 2005-06-02 02:19:51 +00:00
christos
cef96160f5 more cleanups, WARNS=3 2005-01-12 05:45:23 +00:00
christos
28e33dbb3b Use pw_gensalt() instead of using the cipher functions directly. Simplifies
the code a lot.
2005-01-12 03:35:34 +00:00
christos
68e7a6e2e1 SRCS is not needed. 2005-01-12 01:21:14 +00:00
christos
911a82af6b - use the gensalt functions from libcrypt instead of rolling our own. 2005-01-11 22:56:19 +00:00
wiz
9f522a4dd3 Merge single-letter options; sync order in man page and usage. 2004-11-17 14:57:48 +00:00
dsl
6632ac4d9c Add (unsigned char) cast to ctype functions 2004-11-01 21:12:59 +00:00
snj
c225c39401 Bump date for last and slightly improve wording. 2004-10-13 23:46:42 +00:00
sjg
5961096f14 Apply patch from PR 26779
and update man page (not quite per PR 26780).
2004-10-12 16:46:59 +00:00
sjg
3a0c68edfd Add support for SHA1 hashed passwords.
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *
 * where:
 *      <tag>           is "sha1"
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.

hmac.c implements HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
2004-07-02 00:05:23 +00:00
itojun
2fe0488981 use bounded string op 2003-07-14 09:33:08 +00:00
agc
a8d6388e6f Add NetBSD RCS Ids. 2003-06-23 13:05:47 +00:00
jdolecek
ee8bfae14a couple minor changes:
* move buffer[] to print_passwd(); it's used only there
* make trim(), usage(), print_passwd() static, and g/c no longer needed
  prototypes for them
* replace __progname with getprogname()/setprogname()
* move the prototypes for pwd_getsalt()/to64() outside of print_passwd()

change reviewed by Niels
2002-10-02 13:39:10 +00:00
wiz
a2c3d8fd5d Add NetBSD RCS Id. Sort options. 2002-10-02 07:35:29 +00:00
provos
d15e0fa262 password hashing utility that allows des, md5 or bcrypt passwords to be
created in scripts; tool originally from downsj@openbsd.org;
approved by perry.
2002-10-01 20:48:58 +00:00