Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <76750956b26540e7a00a1748a9af94ab@CO1PR05MB332.namprd05.prod.outlook.com>
Date: Tue, 16 Sep 2014 18:53:53 +0000
From: Héctor Luis Gimbatti <hlg@...le.com.ar>
To: "crypt-dev@...ts.openwall.com" <crypt-dev@...ts.openwall.com>
Subject: Bcrypt in linux

Greetings, 

The current implementation of bcrypt found in OpenBSD (specifically /usr/src/lib/libc/crypto ) make use of arc4random "device" to generate the ''salt''.

I made some modifications in order to compile the code in linux so I can maintain a database in *nix of passwords for some program. Actually the code is very simple and thee modifications done to OBSD's bcrypt are trivial:
1. hardened BCRYPT_MAXSALT to 32, and BCRYPT_MINLOGROUNDS  to 8. (the latter can be modified in runtime whereas the first is constant, but can be easily modified).
2. Instead of using arc4random_buf to compute the salt, I use RAND_seed and RAND_bytes which are included in openssl (-lcrypto)

What can be done, as I've done for this specific code, is to change the constants (currently the hex representation of pi digits) used to initialize P and S boxes to some other constants (cuberoot(prime(i)) , sqrt(prime(i)), etc) in order to produce unique crypto for an specific application or device. 

If this is somehow useful for a project I can share the code 


Cheers

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.