AUTHOR: Robert Connolly (ashes) DATE: 2006-12-10 LICENSE: Public Domain SYNOPSIS: Blowfish passwords. DESCRIPTION: How to install a blowfish crypt library and use it. PREREQUISITES: None HINT: A paper on the blowfish algorithm is available here: http://www.usenix.org/events/usenix99/provos.html DOWNLOAD: http://ca.lfs-matrix.net/patches/downloads/glibc/glibc-2.5-blowfish.patch http://ca.lfs-matrix.net/patches/downloads/shadow/\ shadow-4.0.18.1-owl_blowfish-1.patch http://ca.lfs-matrix.net/patches/downloads/sysvinit/\ sysvinit-2.86-owl_blowfish.patch INSTALLATION: # With Glibc chapter 6: patch -Np1 -i ../glibc-2.5-blowfish.patch # With Shadow chapter 6: patch -Np1 -i ../shadow-4.0.18.1-owl_blowfish-1.patch && aclocal && autoconf && autoheader # This patch for Shadow must be regenerated with autotools so that this # patch can be used by many versions of Shadow. As long as the patch applies # without error then it should work on whichever version of Shadow you are # using. # This patch will instruct blowfish to use /dev/random for entropy. If you # want to use /dev/urandom or something else then use the --with-random= # configure option. # The Sed command for MD5_CRYPT_ENAB, on the Shadow page, won't make any # difference. If you get an error from 'make install' because of funny # business from Autoconf, then use: make MKINSTALLDIRS=$(pwd)/mkinstalldirs install # Shadow will still be able to use MD5 and DES passwords if you add them to # /etc/shadow manually, or if you reset "CRYPT_PREFIX" to "$1$" in # /etc/login.defs. # After running 'passwd' you should find your passwords in /etc/shadow # begin with "$2a$". # With Sysvinit chapter 6: patch -Np1 -i ../sysvinit-2.86-owl_blowfish.patch # OpenSSH can be installed normally, and using "--with-md5-passwords" is # optional (it will still be able to use blowfish passwords too). ACKNOWLEDGMENTS: * The Openwall project. http://www.openwall.com/crypt/ * Solar Designer. * Thorsten Kukuk. http://ftp.suse.com/pub/people/kukuk/ CHANGELOG: [2005-02-04] * Initial hint. [2005-02-05] * Added note for --with-random. * Added note for SSHD's with-md5-passwords. * Move libxcrypt.la file to /usr/lib. [2005-02-06] * Added sed for xcrypt in OpenSSH. [2005-02-24] * Fix where the libxcrypt libs are installed. [2005-11-13] * Bump to libxcrypt-2.3. * Don't install libcrypt from libc, and install libxcrypt instead. [2005-12-10] * Use Owl Blowfish for Glibc because libxcrypt conflicts with OpenSSH. * Added new Shadow and Sysvinit patches.