Bug 173834 - blowfish support in glibc - crypt()
blowfish support in glibc - crypt()
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
: FutureFeature
Depends On:
Blocks: 173002 173853
  Show dependency treegraph
Reported: 2005-11-21 14:30 EST by Eric Moret
Modified: 2016-11-24 07:35 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-03-30 02:39:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Eric Moret 2005-11-21 14:30:02 EST
Description of problem:

This bug is opened in relation to a feature request for support of blowfish
crypt in shadow/passwd files. glibc - crypt() should support blowfish in
addition to md5 hash.

Cf: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173002
Comment 1 Robert Scheck 2006-05-29 13:33:48 EDT
I'm not sure, but did Bugzilla remove the keyword FutureFeature from this
report when adding me as Cc? If yes, slap one of the Bugzilla guys, please...
Comment 2 Ulrich Drepper 2007-09-19 18:40:16 EDT
Blowfish support will not be added since it doesn't solve the problem (see
http://people.redhat.com/drepper/sha-crypt.html).  But a new, safer, not based
on MD5 method will appear with the next rawhide build.
Comment 3 Ulrich Drepper 2008-03-30 02:39:05 EDT
As explained in comment #2, no change will come.  It's fixed differently.
Comment 4 Jo Rhett 2014-12-19 15:52:30 EST
This bug is closed because implementing it didn't solve a problem with a different, much weaker protocol? I beg to differ. Bcrypt solves every problem with SHA by removing its weak self entirely.

The fix for SHA did not solve this bug at all. Also, there is need for password synchronization across numerous infrastructures which any change to SHA did not solve.

This issue will be highlighted during our discussion with our sales rep for reasons why we won't be paying any more for Red Hat "support", if one can use the word that vaguely. Over the years we've learned that we're only paying for the privilege of being told what Red Hat can't be bothered to fix.

Note You need to log in before you can comment on or make changes to this bug.