| 1 |
AUTHOR: Robert Connolly <robert at linuxfromscratch.org> (ashes) |
|---|
| 2 |
|
|---|
| 3 |
DATE: 2006-12-10 |
|---|
| 4 |
|
|---|
| 5 |
LICENSE: Public Domain |
|---|
| 6 |
|
|---|
| 7 |
SYNOPSIS: Blowfish passwords. |
|---|
| 8 |
|
|---|
| 9 |
DESCRIPTION: |
|---|
| 10 |
How to install a blowfish crypt library and use it. |
|---|
| 11 |
|
|---|
| 12 |
PREREQUISITES: None |
|---|
| 13 |
|
|---|
| 14 |
HINT: |
|---|
| 15 |
|
|---|
| 16 |
A paper on the blowfish algorithm is available here: |
|---|
| 17 |
http://www.usenix.org/events/usenix99/provos.html |
|---|
| 18 |
|
|---|
| 19 |
DOWNLOAD: |
|---|
| 20 |
|
|---|
| 21 |
http://ca.lfs-matrix.net/patches/downloads/glibc/glibc-2.5-blowfish.patch |
|---|
| 22 |
http://ca.lfs-matrix.net/patches/downloads/shadow/\ |
|---|
| 23 |
shadow-4.0.18.1-owl_blowfish-1.patch |
|---|
| 24 |
http://ca.lfs-matrix.net/patches/downloads/sysvinit/\ |
|---|
| 25 |
sysvinit-2.86-owl_blowfish.patch |
|---|
| 26 |
|
|---|
| 27 |
INSTALLATION: |
|---|
| 28 |
|
|---|
| 29 |
# With Glibc chapter 6: |
|---|
| 30 |
|
|---|
| 31 |
patch -Np1 -i ../glibc-2.5-blowfish.patch |
|---|
| 32 |
|
|---|
| 33 |
# With Shadow chapter 6: |
|---|
| 34 |
|
|---|
| 35 |
patch -Np1 -i ../shadow-4.0.18.1-owl_blowfish-1.patch && |
|---|
| 36 |
aclocal && |
|---|
| 37 |
autoconf && |
|---|
| 38 |
autoheader |
|---|
| 39 |
|
|---|
| 40 |
# This patch for Shadow must be regenerated with autotools so that this |
|---|
| 41 |
# patch can be used by many versions of Shadow. As long as the patch applies |
|---|
| 42 |
# without error then it should work on whichever version of Shadow you are |
|---|
| 43 |
# using. |
|---|
| 44 |
|
|---|
| 45 |
# This patch will instruct blowfish to use /dev/random for entropy. If you |
|---|
| 46 |
# want to use /dev/urandom or something else then use the --with-random= |
|---|
| 47 |
# configure option. |
|---|
| 48 |
|
|---|
| 49 |
# The Sed command for MD5_CRYPT_ENAB, on the Shadow page, won't make any |
|---|
| 50 |
# difference. If you get an error from 'make install' because of funny |
|---|
| 51 |
# business from Autoconf, then use: |
|---|
| 52 |
|
|---|
| 53 |
make MKINSTALLDIRS=$(pwd)/mkinstalldirs install |
|---|
| 54 |
|
|---|
| 55 |
# Shadow will still be able to use MD5 and DES passwords if you add them to |
|---|
| 56 |
# /etc/shadow manually, or if you reset "CRYPT_PREFIX" to "$1$" in |
|---|
| 57 |
# /etc/login.defs. |
|---|
| 58 |
|
|---|
| 59 |
# After running 'passwd' you should find your passwords in /etc/shadow |
|---|
| 60 |
# begin with "$2a$". |
|---|
| 61 |
|
|---|
| 62 |
# With Sysvinit chapter 6: |
|---|
| 63 |
|
|---|
| 64 |
patch -Np1 -i ../sysvinit-2.86-owl_blowfish.patch |
|---|
| 65 |
|
|---|
| 66 |
# OpenSSH can be installed normally, and using "--with-md5-passwords" is |
|---|
| 67 |
# optional (it will still be able to use blowfish passwords too). |
|---|
| 68 |
|
|---|
| 69 |
ACKNOWLEDGMENTS: |
|---|
| 70 |
* The Openwall project. http://www.openwall.com/crypt/ |
|---|
| 71 |
* Solar Designer. <solar at openwall> |
|---|
| 72 |
* Thorsten Kukuk. http://ftp.suse.com/pub/people/kukuk/ |
|---|
| 73 |
|
|---|
| 74 |
CHANGELOG: |
|---|
| 75 |
[2005-02-04] |
|---|
| 76 |
* Initial hint. |
|---|
| 77 |
[2005-02-05] |
|---|
| 78 |
* Added note for --with-random. |
|---|
| 79 |
* Added note for SSHD's with-md5-passwords. |
|---|
| 80 |
* Move libxcrypt.la file to /usr/lib. |
|---|
| 81 |
[2005-02-06] |
|---|
| 82 |
* Added sed for xcrypt in OpenSSH. |
|---|
| 83 |
[2005-02-24] |
|---|
| 84 |
* Fix where the libxcrypt libs are installed. |
|---|
| 85 |
[2005-11-13] |
|---|
| 86 |
* Bump to libxcrypt-2.3. |
|---|
| 87 |
* Don't install libcrypt from libc, and install libxcrypt instead. |
|---|
| 88 |
[2005-12-10] |
|---|
| 89 |
* Use Owl Blowfish for Glibc because libxcrypt conflicts with OpenSSH. |
|---|
| 90 |
* Added new Shadow and Sysvinit patches. |
|---|
