3a0c68edfd
The algorithm used is essentially PBKDF1 from RFC 2898 but using hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com). * The format of the encrypted password is: * $<tag>$<iterations>$<salt>$<digest> * * where: * <tag> is "sha1" * <iterations> is an unsigned int identifying how many rounds * have been applied to <digest>. The number * should vary slightly for each password to make * it harder to generate a dictionary of * pre-computed hashes. See crypt_sha1_iterations. * <salt> up to 64 bytes of random data, 8 bytes is * currently considered more than enough. * <digest> the hashed password. hmac.c implementes HMAC as defined in RFC 2104 and includes a unit test for both hmac_sha1 and hmac_sha1 using a selection of the Known Answer Tests from RFC 2202. It is worth noting that to be FIPS compliant the hmac key (password) should be 10-20 chars. |
||
|---|---|---|
| .. | ||
| arch | ||
| man | ||
| aes.inc | ||
| asn1.inc | ||
| bf.inc | ||
| bio.inc | ||
| bn.inc | ||
| buffer.inc | ||
| cast.inc | ||
| comp.inc | ||
| conf.inc | ||
| crypto.inc | ||
| des.inc | ||
| dh.inc | ||
| dsa.inc | ||
| dso.inc | ||
| ec.inc | ||
| engine.inc | ||
| err.inc | ||
| evp.inc | ||
| hmac.inc | ||
| i_cbc_dummy.c | ||
| i_skey_dummy.c | ||
| idea.inc | ||
| krb5.inc | ||
| lhash.inc | ||
| Makefile | ||
| man.inc | ||
| md2.inc | ||
| md4.inc | ||
| md5.inc | ||
| mdc2.inc | ||
| mdc2dgst_dummy.c | ||
| objects.inc | ||
| ocsp.inc | ||
| pem.inc | ||
| pkcs7.inc | ||
| pkcs12.inc | ||
| rand.inc | ||
| rc2.inc | ||
| rc4.inc | ||
| rc5_enc_dummy.c | ||
| rc5_skey_dummy.c | ||
| rc5.inc | ||
| ripemd.inc | ||
| rnd_keys.c | ||
| rsa.inc | ||
| sha.inc | ||
| shlib_version | ||
| srcs.inc | ||
| stack.inc | ||
| txt_db.inc | ||
| ui.inc | ||
| x509.inc | ||
| x509v3.inc | ||