Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 16 Sep 2014 18:53:53 +0000
From: H├ęctor Luis Gimbatti <hlg@...le.com.ar>
To: "crypt-dev@...ts.openwall.com" <crypt-dev@...ts.openwall.com>
Subject: Bcrypt in linux

Greetings, 

The current implementation of bcrypt found in OpenBSD (specifically /usr/src/lib/libc/crypto ) make use of arc4random "device" to generate the ''salt''.

I made some modifications in order to compile the code in linux so I can maintain a database in *nix of passwords for some program. Actually the code is very simple and thee modifications done to OBSD's bcrypt are trivial:
1. hardened BCRYPT_MAXSALT to 32, and BCRYPT_MINLOGROUNDS  to 8. (the latter can be modified in runtime whereas the first is constant, but can be easily modified).
2. Instead of using arc4random_buf to compute the salt, I use RAND_seed and RAND_bytes which are included in openssl (-lcrypto)

What can be done, as I've done for this specific code, is to change the constants (currently the hex representation of pi digits) used to initialize P and S boxes to some other constants (cuberoot(prime(i)) , sqrt(prime(i)), etc) in order to produce unique crypto for an specific application or device. 

If this is somehow useful for a project I can share the code 


Cheers

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ