Bug 173834
Summary: | blowfish support in glibc - crypt() | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Eric Moret <eric.moret> |
Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
Status: | CLOSED WONTFIX | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | drepper, fweimer, james.antill, jrhett, mgarski, redhat-bugzilla, tmraz, tmus |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173002 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-03-30 06:39:05 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 173002, 173853 |
Description
Eric Moret
2005-11-21 19:30:02 UTC
I'm not sure, but did Bugzilla remove the keyword FutureFeature from this report when adding me as Cc? If yes, slap one of the Bugzilla guys, please... Blowfish support will not be added since it doesn't solve the problem (see http://people.redhat.com/drepper/sha-crypt.html). But a new, safer, not based on MD5 method will appear with the next rawhide build. As explained in comment #2, no change will come. It's fixed differently. This bug is closed because implementing it didn't solve a problem with a different, much weaker protocol? I beg to differ. Bcrypt solves every problem with SHA by removing its weak self entirely. The fix for SHA did not solve this bug at all. Also, there is need for password synchronization across numerous infrastructures which any change to SHA did not solve. This issue will be highlighted during our discussion with our sales rep for reasons why we won't be paying any more for Red Hat "support", if one can use the word that vaguely. Over the years we've learned that we're only paying for the privilege of being told what Red Hat can't be bothered to fix. |