crypt(3) lacks Blowfish support

Bug #1349252 reported by Dan Quade on 2014-07-28
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)
Wishlist
Dimitri John Ledkov
linux (Ubuntu)
Undecided
Unassigned

Bug Description

crypt(3) bundled with Ubuntu's GNU C Library supports MD5, DES, SHA256 and SHA512 hashing methods, but lacks support for Blowfish (aka bcrypt).

There is a patch available from Openwall: http://www.openwall.com/crypt/

Dan Quade (danquade) wrote :

Some potentially useful info on the topic: http://log.or.cz/?p=56

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1349252

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Dimitri John Ledkov (xnox) wrote :

http://www.akkadia.org/drepper/sha-crypt.html

Please use SHA-512 or SHA-256, available universally since 2.7.

Changed in glibc (Ubuntu):
status: New → Won't Fix
assignee: nobody → Dimitri John Ledkov (xnox)
Changed in linux (Ubuntu):
status: Incomplete → Invalid
Dan Quade (danquade) wrote :

Using sha-crypt is not a solution. Certain apps are built to use crypt(3) only and thus lack Blowfish support. You have 1 day to reopen this bug or I will make a new one.

On 28 July 2014 15:02, Dan Quade <email address hidden> wrote:
> Using sha-crypt is not a solution. Certain apps are built to use
> crypt(3) only and thus lack Blowfish support. You have 1 day to reopen
> this bug or I will make a new one.
>

In Ubuntu, we typically do not deviate from our upstreams and there
doesn't seem to be a compelling reason to do so here. Thus, consider
filing bug reports / request for Blowfish inclusion upstream and/or to
Debian package maintainers. Once blowfish is accepted in either of
those, such support would also tickle down to Ubuntu.

As to certain apps, they do know that crypt(3) on Linux does not
provide Blowfish thus if blowfish is required there is plenty of
crypto libraries in Ubuntu that provide Blowfish. For example, php
ships it's own implementations and provides Blowfish crypt support and
etc. So, what apps are you concerned about? and how are they broken on
Ubuntu? we can certainly fix those packages.

--
Regards,

Dimitri.

Changed in glibc (Ubuntu):
importance: Undecided → Wishlist
Dan Quade (danquade) wrote :

Alright, sorry for my rudeness and impatience. Granted, I am not familiar with how these things are usually handled around here. I am aware this is mainly an upstream issue, but from crypt(3)'s man page I assumed distros are the ones who choose whether to implement Blowfish support.

To quote the man page: Blowfish (not in mainline glibc; added in some Linux distributions)

A good example is FreeRADIUS which has support for crypt(3) but no native bcrypt support. On distributions where crypt(3) supports blowfish, freeradius will be able to use it as well through crypt_blowfish.

Another problem si that PHP not only supports blowfish, but makes it the default cypher. Obviously not Ubuntu's problem, but apparently they think blowfish is better than SHA-x. In my opinion if there is no consensus, then a reasonable compromise would be to try and support both cyphers wherever possible.

For password hashing, bcrypt *is* better, by design. There's absolutely no ambiguity here, the consensus is fully in favour of bcrypt. Hashes like SHA512 are general purpose, designed to run really fast, whereas bcrypt is explicitly for secure hashing and is deliberately, tuneably slow. There are many articles on the subject, here are some (from *5 years ago*!):

http://codahale.com/how-to-safely-store-a-password/
http://blog.codinghorror.com/speed-hashing/

Frankly I'm shocked this is even being questioned. Without bcrypt in libc, all apps that rely on libc for hashing (I've just run into it with dovecot in 14.04) are not as secure as they should be. Hasn't this been flagged by the Ubuntu security team?

Please ignore my last comment. bcrypt is undoubtedly better than a single round of SHA512 as a password hash (what I was on about), but SHA512 is not the same thing as the multiple rounds used in SHA512-CRYPT that's in libc and in Ulrich's paper.

Thommie Rother (t-rother) wrote :

Has there been any progress on this more than five year old topic?
The glibc of the long time supported 18.04.3 LTS still has no support for BLF-CRYPT. I saw that from debian-side blowfish is still not supported but some distros add it by themselves. Why not ubuntu?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers