3a0c68edfd
The algorithm used is essentially PBKDF1 from RFC 2898 but using hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com). * The format of the encrypted password is: * $<tag>$<iterations>$<salt>$<digest> * * where: * <tag> is "sha1" * <iterations> is an unsigned int identifying how many rounds * have been applied to <digest>. The number * should vary slightly for each password to make * it harder to generate a dictionary of * pre-computed hashes. See crypt_sha1_iterations. * <salt> up to 64 bytes of random data, 8 bytes is * currently considered more than enough. * <digest> the hashed password. hmac.c implementes HMAC as defined in RFC 2104 and includes a unit test for both hmac_sha1 and hmac_sha1 using a selection of the Known Answer Tests from RFC 2202. It is worth noting that to be FIPS compliant the hmac key (password) should be 10-20 chars.
17 lines
354 B
Makefile
17 lines
354 B
Makefile
# $NetBSD: Makefile,v 1.2 2004/07/02 00:05:23 sjg Exp $
|
|
# from: @(#)Makefile 8.3 (Berkeley) 4/2/94
|
|
|
|
.include <bsd.own.mk>
|
|
|
|
PROG= pwhash
|
|
SRCS= pwhash.c pwd_gensalt.c
|
|
.PATH: ${.CURDIR}/../passwd
|
|
|
|
CPPFLAGS+=-I${.CURDIR} -DLOGIN_CAP
|
|
CPPFLAGS+= -I${.CURDIR}/../../lib/libcrypt
|
|
|
|
DPADD+= ${LIBCRYPT} ${LIBUTIL}
|
|
LDADD+= -lcrypt -lutil
|
|
|
|
.include <bsd.prog.mk>
|