Password Hashing was: [Cryptography Team] Getting started

John Toohey jt at parspro.com
Fri Oct 28 14:40:37 UTC 2011


Thanks Paul. I couldn't get it to work on OSX. No pre-built binaries,
that I could find. I eventually downloaded the source from OpenWall,
and compiled a 32 bit library from that. So :-

$ make
$ gcc -shared -m32 -Wl,-soname,libbcrypt.so.1.2 -o libbcrypt.so.1.2 \
    crypt_blowfish.o x86.o wrapper.o

The wrapper is to wrap their extensions and expose the API using the
standard crypt one. However, I could build the library without the
wrapper, but not with it. It was late, so I spun up an Ubuntu
VirtualBox and installed the BCryptFFI package there. No surprise that
that worked :-)

I have a few questions on the code.

- Should the RNG being used not be one from the crypt libraries rather
than the Pharo one?

- The #checkPassWord:against method has the salt hardcoded at 30, yet
there is a method to set the length of the salt. Is there a reason for
that?

Anyway, really glad I found this project. It's very important that
Pharo has good crypto support. I'd like to contribute, is there a list
of outstanding issues etc., somewhere?


On Thu, Oct 27, 2011 at 14:24, Paul DeBruicker <pdebruic at gmail.com> wrote:
> On 11-10-27 11:06 AM, Paul DeBruicker wrote:
>>
>> The PasswordHashingFFI package + FFI is all you need to make SHA256
>> hashed passwords in Ubuntu.
>
>
> This is because to run Pharo on Ubuntu you already have the libcrypt, or on
> Ubuntu 64 bit you've already installed ia32-libs, which has the 32 bit
> version of libcrypt.
>
> If you want to use bcrypt you'll need to install the 32 bit version of
> libxcrypt1.  For 32 bit Ubuntu it should be in Synaptic.  For 64Bit you need
> to download the i386 .deb package from here:
>
>
> http://packages.ubuntu.com/oneiric/libxcrypt1
>
> extract it in the downloaded directory with
>
> sudo dpkg -x libxcrypt1_2.4-1build1_i386.deb .
>
> then copy the libxcrypt.so.1.2.4 file to wherever the 32 bit libraries on
> your machine are and then in the 32 bit library directory run
>
> sudo ln -s libxcrypt.so.1.2.4 libxcrypt.so.1
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>



-- 
~JT
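
Added example, not part of the original message and not code from the PasswordHashingFFI package: a Python sketch of the two points raised in the questions above, drawing the bcrypt salt from the operating system's CSPRNG and taking the setting string off a stored hash by its format instead of a fixed number. It assumes the standard 60-character `$2a$NN$...` layout; all function names are hypothetical.

```python
import base64
import os
import re

# bcrypt packs bits like ordinary base64 but uses its own alphabet and no padding.
_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_BCRYPT = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_TO_BCRYPT = str.maketrans(_STD, _BCRYPT)

# Setting = "$2a$" + two-digit cost + "$" + 22 salt chars; then 31 digest chars.
_HASH_RE = re.compile(r"^(\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")
SETTING_LEN = 29  # 4 + 2 + 1 + 22 characters in this layout


def bcrypt_b64(raw):
    """Encode bytes with the bcrypt base64 alphabet, without '=' padding."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").translate(_TO_BCRYPT)


def make_setting(cost=12, rng=os.urandom):
    """Build a crypt() setting string with a 16-byte salt from the OS CSPRNG."""
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    salt = rng(16)
    if len(salt) != 16:
        raise ValueError("salt source must return exactly 16 bytes")
    return "$2a$%02d$%s" % (cost, bcrypt_b64(salt))


def split_hash(stored):
    """Return (setting, digest); reject anything that is not a bcrypt hash."""
    match = _HASH_RE.match(stored)
    if match is None:
        raise ValueError("not a 60-character bcrypt hash")
    return match.group(1), match.group(2)


if __name__ == "__main__":
    setting = make_setting(cost=10)
    # Constructed stand-in for a stored hash: real setting + placeholder digest.
    stored = setting + "x" * 31
    print(len(setting), split_hash(stored)[0] == setting)
```

To verify a password, the setting half returned by `split_hash` is what gets passed back to the library's crypt call together with the candidate password.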

