about summary refs log tree commit diff
path: root/manual/examples
diff options
context:
space:
mode:
authorZack Weinberg <zackw@panix.com>2018-06-29 16:53:37 +0200
committerFlorian Weimer <fweimer@redhat.com>2018-06-29 16:53:37 +0200
commit841785bad14dfad81a0af94900310141c59f26a4 (patch)
tree9fba8a7c16596dcb9652576f9322c810eb0cf682 /manual/examples
parent6ab902e4decd89c1a9206497d14ddba7680bfc37 (diff)
downloadglibc-841785bad14dfad81a0af94900310141c59f26a4.tar.gz
glibc-841785bad14dfad81a0af94900310141c59f26a4.tar.xz
glibc-841785bad14dfad81a0af94900310141c59f26a4.zip
manual: Revise crypt.texi.
This is a major rewrite of the description of 'crypt', 'getentropy',
and 'getrandom'.

A few highlights of the content changes:

 - Throughout the manual, public headers, and user-visible messages,
   I replaced the term "password" with "passphrase", the term
   "password database" with "user database", and the term
   "encrypt(ion)" with "(one-way) hashing" whenever it was applied to
   passphrases.  I didn't bother making this change in internal code
   or tests.  The use of the term "password" in ruserpass.c survives,
   because that refers to a keyword in netrc files, but it is adjusted
   to make this clearer.

   There is a note in crypt.texi explaining that they were
   traditionally called passwords but single words are not good enough
   anymore, and a note in users.texi explaining that actual passphrase
   hashes are found in a "shadow" database nowadays.

 - There is a new short introduction to the "Cryptographic Functions"
   section, explaining how we do not intend to be a general-purpose
   cryptography library, and cautioning that there _are_, or have
   been, legal restrictions on the use of cryptography in many
   countries, without getting into any kind of detail that we can't
   promise to keep up to date.

 - I added more detail about what a "one-way function" is, and why
   they are used to obscure passphrases for storage.  I removed the
   paragraph saying that systems not connected to a network need no
   user authentication, because that's a pretty rare situation
   nowadays.  (It still says "sometimes it is necessary" to
   authenticate the user, though.)

 - I added documentation for all of the hash functions that glibc
   actually supports, but not for the additional hash functions
   supported by libxcrypt.  If we're going to keep this manual section
   around after the transition is more advanced, it would probably
   make sense to add them then.

 - There is much more detailed discussion of how to generate a salt,
   and the failure behavior for crypt is documented.  (Returning an
   invalid hash on failure is what libxcrypt does; Solar Designer's
   notes say that this was done "for compatibility with old programs
   that assume crypt can never fail".)

 - As far as I can tell, the header 'crypt.h' is entirely a GNU
   invention, and never existed on any other Unix lineage.  The
   function 'crypt', however, was in Issue 1 of the SVID and is now
   in the XSI component of POSIX.  I tried to make all of the
   @standards annotations consistent with this, but I'm not sure I got
   them perfectly right.

 - The genpass.c example has been improved to use getentropy instead
   of the current time to generate the salt, and to use a SHA-256 hash
   instead of MD5. It uses more random bytes than is strictly
   necessary because I didn't want to complicate the code with proper
   base64 encoding.

 - The testpass.c example has three hardwired hashes now, to
   demonstrate that different one-way functions produce different
   hashes for the same input.  It also demonstrates how DES hashing
   only pays attention to the first eight characters of the input.

 - There is new text explaining in more detail how a CSPRNG differs
   from a regular random number generator, and how
   getentropy/getrandom are not exactly a CSPRNG.  I tried not to make
   specific falsifiable claims here.  I also tried to make the
   blocking/cancellation/error behavior of both getentropy and
   getrandom clearer.
Diffstat (limited to 'manual/examples')
-rw-r--r--manual/examples/genpass.c44
-rw-r--r--manual/examples/mygetpass.c4
-rw-r--r--manual/examples/testpass.c52
3 files changed, 67 insertions, 33 deletions
diff --git a/manual/examples/genpass.c b/manual/examples/genpass.c
index 5edb2e9b8a..23d20789fc 100644
--- a/manual/examples/genpass.c
+++ b/manual/examples/genpass.c
@@ -16,34 +16,44 @@
 */
 
 #include <stdio.h>
-#include <time.h>
 #include <unistd.h>
 #include <crypt.h>
 
 int
 main(void)
 {
-  unsigned long seed[2];
-  char salt[] = "$1$........";
-  const char *const seedchars =
+  unsigned char ubytes[16];
+  char salt[20];
+  const char *const saltchars =
     "./0123456789ABCDEFGHIJKLMNOPQRST"
     "UVWXYZabcdefghijklmnopqrstuvwxyz";
-  char *password;
+  char *hash;
   int i;
 
-  /* Generate a (not very) random seed.
-     You should do it better than this...  */
-  seed[0] = time(NULL);
-  seed[1] = getpid() ^ (seed[0] >> 14 & 0x30000);
-
-  /* Turn it into printable characters from `seedchars'.  */
-  for (i = 0; i < 8; i++)
-    salt[3+i] = seedchars[(seed[i/5] >> (i%5)*6) & 0x3f];
-
-  /* Read in the user's password and encrypt it.  */
-  password = crypt(getpass("Password:"), salt);
+  /* Retrieve 16 unpredictable bytes from the operating system.  */
+  if (getentropy (ubytes, sizeof ubytes))
+    {
+      perror ("getentropy");
+      return 1;
+    }
+
+  /* Use them to fill in the salt string.  */
+  salt[0] = '$';
+  salt[1] = '5'; /* SHA-256 */
+  salt[2] = '$';
+  for (i = 0; i < 16; i++)
+    salt[3+i] = saltchars[ubytes[i] & 0x3f];
+  salt[3+i] = '\0';
+
+  /* Read in the user's passphrase and hash it.  */
+  hash = crypt (getpass ("Enter new passphrase: "), salt);
+  if (!hash || hash[0] == '*')
+    {
+      perror ("crypt");
+      return 1;
+    }
 
   /* Print the results.  */
-  puts(password);
+  puts (hash);
   return 0;
 }
diff --git a/manual/examples/mygetpass.c b/manual/examples/mygetpass.c
index dfc0c59a7f..3f465ac8ea 100644
--- a/manual/examples/mygetpass.c
+++ b/manual/examples/mygetpass.c
@@ -1,4 +1,4 @@
-/* Reading Passwords
+/* Reading passphrases manually.
    Copyright (C) 1991-2018 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or
@@ -32,7 +32,7 @@ my_getpass (char **lineptr, size_t *n, FILE *stream)
   if (tcsetattr (fileno (stream), TCSAFLUSH, &new) != 0)
     return -1;
 
-  /* Read the password.  */
+  /* Read the passphrase  */
   nread = getline (lineptr, n, stream);
 
   /* Restore terminal.  */
diff --git a/manual/examples/testpass.c b/manual/examples/testpass.c
index 19f1ae7de0..f8883fea17 100644
--- a/manual/examples/testpass.c
+++ b/manual/examples/testpass.c
@@ -1,4 +1,4 @@
-/* Verify a password.
+/* Verify a passphrase.
    Copyright (C) 1991-2018 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or
@@ -20,24 +20,48 @@
 #include <unistd.h>
 #include <crypt.h>
 
+/* @samp{GNU's Not Unix} hashed using SHA-256, MD5, and DES.  */
+static const char hash_sha[] =
+  "$5$DQ2z5NHf1jNJnChB$kV3ZTR0aUaosujPhLzR84Llo3BsspNSe4/tsp7VoEn6";
+static const char hash_md5[] = "$1$A3TxDv41$rtXVTUXl2LkeSV0UU5xxs1";
+static const char hash_des[] = "FgkTuF98w5DaI";
+
 int
 main(void)
 {
-  /* Hashed form of "GNU libc manual".  */
-  const char *const pass = "$1$/iSaq7rB$EoUw5jJPPvAPECNaaWzMK/";
+  char *phrase;
+  int status = 0;
+
+  /* Prompt for a passphrase.  */
+  phrase = getpass ("Enter passphrase: ");
+
+  /* Compare against the stored hashes.  Any input that begins with
+     @samp{GNU's No} will match the DES hash, but the other two will
+     only match @samp{GNU's Not Unix}.  */
 
-  char *result;
-  int ok;
+  if (strcmp (crypt (phrase, hash_sha), hash_sha))
+    {
+      puts ("SHA: not ok");
+      status = 1;
+    }
+  else
+    puts ("SHA: ok");
 
-/*@group*/
-  /* Read in the user's password and encrypt it,
-     passing the expected password in as the salt.  */
-  result = crypt(getpass("Password:"), pass);
-/*@end group*/
+  if (strcmp (crypt (phrase, hash_md5), hash_md5))
+    {
+      puts ("MD5: not ok");
+      status = 1;
+    }
+  else
+    puts ("MD5: ok");
 
-  /* Test the result.  */
-  ok = strcmp (result, pass) == 0;
+  if (strcmp (crypt (phrase, hash_des), hash_des))
+    {
+      puts ("DES: not ok");
+      status = 1;
+    }
+  else
+    puts ("DES: ok");
 
-  puts(ok ? "Access granted." : "Access denied.");
-  return ok ? 0 : 1;
+  return status;
 }