Bug 173834

Summary: blowfish support in glibc - crypt()
Product: [Fedora] Fedora
Reporter: Eric Moret <eric.moret>
Component: glibc
Assignee: Jakub Jelinek <jakub>
Status: CLOSED WONTFIX
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: rawhide
CC: drepper, fweimer, james.antill, jrhett, mgarski, redhat-bugzilla, tmraz, tmus
Keywords: FutureFeature
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173002
Doc Type: Enhancement
Last Closed: 2008-03-30 06:39:05 UTC
Bug Blocks: 173002, 173853

Description Eric Moret 2005-11-21 19:30:02 UTC
Description of problem:

This bug is opened in relation to a feature request for support of blowfish
crypt in shadow/passwd files. glibc - crypt() should support blowfish in
addition to md5 hash.

Cf: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173002

Comment 1 Robert Scheck 2006-05-29 17:33:48 UTC
I'm not sure, but did Bugzilla remove the keyword FutureFeature from this
report when adding me as Cc? If yes, slap one of the Bugzilla guys, please...

Comment 2 Ulrich Drepper 2007-09-19 22:40:16 UTC
Blowfish support will not be added since it doesn't solve the problem (see
http://people.redhat.com/drepper/sha-crypt.html).  But a new, safer, not based
on MD5 method will appear with the next rawhide build.

Comment 3 Ulrich Drepper 2008-03-30 06:39:05 UTC
As explained in comment #2, no change will come.  It's fixed differently.

Comment 4 Jo Rhett 2014-12-19 20:52:30 UTC
This bug is closed because implementing it didn't solve a problem with a different, much weaker protocol? I beg to differ. Bcrypt solves every problem with SHA by removing its weak self entirely.

The fix for SHA did not solve this bug at all. Also, there is need for password synchronization across numerous infrastructures which any change to SHA did not solve.

This issue will be highlighted during our discussion with our sales rep for reasons why we won't be paying any more for Red Hat "support", if one can use the word that vaguely. Over the years we've learned that we're only paying for the privilege of being told what Red Hat can't be bothered to fix.