3a0c68edfd
The algorithm used is essentially PBKDF1 from RFC 2898 but using hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com). * The format of the encrypted password is: * $<tag>$<iterations>$<salt>$<digest> * * where: * <tag> is "sha1" * <iterations> is an unsigned int identifying how many rounds * have been applied to <digest>. The number * should vary slightly for each password to make * it harder to generate a dictionary of * pre-computed hashes. See crypt_sha1_iterations. * <salt> up to 64 bytes of random data, 8 bytes is * currently considered more than enough. * <digest> the hashed password. hmac.c implementes HMAC as defined in RFC 2104 and includes a unit test for both hmac_sha1 and hmac_sha1 using a selection of the Known Answer Tests from RFC 2202. It is worth noting that to be FIPS compliant the hmac key (password) should be 10-20 chars.
24 lines
679 B
C
24 lines
679 B
C
/*
|
|
* $NetBSD: crypt.h,v 1.1 2004/07/02 00:05:23 sjg Exp $
|
|
*/
|
|
char *__md5crypt(const char *pw, const char *salt); /* XXX */
|
|
char *__bcrypt(const char *, const char *); /* XXX */
|
|
char *__crypt_sha1(const char *pw, const char *salt);
|
|
unsigned int __crypt_sha1_iterations (unsigned int hint);
|
|
void __hmac_sha1(unsigned char *, size_t, unsigned char *, size_t, unsigned char *);
|
|
void __crypt_to64(char *s, u_int32_t v, int n);
|
|
|
|
#define SHA1_MAGIC "$sha1$"
|
|
#define SHA1_SIZE 20
|
|
|
|
#ifdef __GNUC__
|
|
#define UNCONST(ptr) ({ \
|
|
union __unconst { \
|
|
const void *__cp; \
|
|
void *__p; \
|
|
} __d; \
|
|
__d.__cp = ptr, __d.__p; })
|
|
#else
|
|
#define UNCONST(ptr) (void *)(ptr)
|
|
#endif
|