crypt_blowfish is an efficient implementation of a modern password hashing algorithm, based on the Blowfish block cipher, provided via the crypt(3) and a reentrant interface. It is compatible with bcrypt as used in OpenBSD. It is adaptable to future processor performance improvements, allowing you to arbitrarily increase the processing cost of checking a password while still maintaining compatibility with your older password hashes. The hashes it produces are several orders of magnitude stronger than traditional Unix DES-based or FreeBSD-style MD5-based hashes.
|Tags||Utilities Security Cryptography Software Development Libraries Application Frameworks Systems Administration|
|Operating Systems||OS Independent POSIX Linux|
Release Notes: Support for the "$2y$" prefix (denoting correctly computed hashes) has been added. A countermeasure to avoid one-correct to many-buggy collisions with the "$2a$" prefix has been added (which is desirable when upgrading systems with existing "$2a$" hashes computed using pre-1.1 versions of crypt_blowfish). The "make check" tests and the runtime quick self-test have been improved. A patch for glibc 2.13 and 2.14 has been added. The documentation has been updated.
Release Notes: The 8-bit character handling vulnerability (CVE-2011-2483) has been fixed. 8-bit test vectors and a quick self-test on every use of the password hashing function have been added.
Release Notes: The check for unsupported iteration counts has been corrected to reject certain iteration counts that would previously be misinterpreted. Section .note.GNU-stack has been added to the x86 assembly file to avoid the stack area unnecessarily being made executable on Linux systems that use this convention.
Release Notes: The glibc integration wrapper and patches have been revised for builds by recent versions of gcc.
Release Notes: An optimization specific to x86-64 has been applied.