Document a known bug in the DES crypt cipher implementation which we're

not going to fix in order to stay compatible with legacy password data. Nobody should use DES crypt anyway these days. See http://www.freebsd.org/security/advisories/FreeBSD-SA-12:02.crypt.asc for details about this bug. Discussed with deraadt and beck about half a year ago (I'm pruning Ms from my tree).
author: stsp <> 2012-11-30 13:51:11 +0000
committer: stsp <> 2012-11-30 13:51:11 +0000
commit: 6d6f692b7e1f31d605508c43f33d8e374326a67c (patch)
tree: 4b192238fc41264f8e262ec6f12a8ff9e27b5d0e /src/lib
parent: 0e46258b9990cfb456367b54a1dc872870086bd3 (diff)
download: openbsd-6d6f692b7e1f31d605508c43f33d8e374326a67c.tar.gz
openbsd-6d6f692b7e1f31d605508c43f33d8e374326a67c.tar.bz2
openbsd-6d6f692b7e1f31d605508c43f33d8e374326a67c.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3
index 8415f28b9b..3d9785fca9 100644
--- a/src/lib/libc/crypt/crypt.3
+++ b/src/lib/libc/crypt/crypt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: crypt.3,v 1.28 2012/06/02 00:14:16 guenther Exp $
+.\" $OpenBSD: crypt.3,v 1.29 2012/11/30 13:51:11 stsp Exp $
 .\"
 .\" FreeSec: libcrypt
 .\"
@@ -31,7 +31,7 @@
 .\"
 .\" Manual page, using -mandoc macros
 .\"
-.Dd $Mdocdate: June 2 2012 $
+.Dd $Mdocdate: November 30 2012 $
 .Dt CRYPT 3
 .Os
 .Sh NAME
@@ -323,3 +323,7 @@ The
 function returns a pointer to static data, and subsequent calls to
 .Fn crypt
 will modify the same object.
+.Pp
+With DES hashing, passwords containing the byte 0x80 use less key entropy
+than other passwords.
+This is an implementation bug, not a bug in the DES cipher.
author	stsp <>	2012-11-30 13:51:11 +0000
committer	stsp <>	2012-11-30 13:51:11 +0000
commit	6d6f692b7e1f31d605508c43f33d8e374326a67c (patch)
tree	4b192238fc41264f8e262ec6f12a8ff9e27b5d0e /src/lib
parent	0e46258b9990cfb456367b54a1dc872870086bd3 (diff)
download	openbsd-6d6f692b7e1f31d605508c43f33d8e374326a67c.tar.gz openbsd-6d6f692b7e1f31d605508c43f33d8e374326a67c.tar.bz2 openbsd-6d6f692b7e1f31d605508c43f33d8e374326a67c.zip

diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3 index 8415f28b9b..3d9785fca9 100644 --- a/src/lib/libc/crypt/crypt.3 +++ b/src/lib/libc/crypt/crypt.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: crypt.3,v 1.28 2012/06/02 00:14:16 guenther Exp $	1	.\" $OpenBSD: crypt.3,v 1.29 2012/11/30 13:51:11 stsp Exp $
2	.\"	2	.\"
3	.\" FreeSec: libcrypt	3	.\" FreeSec: libcrypt
4	.\"	4	.\"
@@ -31,7 +31,7 @@
31	.\"	31	.\"
32	.\" Manual page, using -mandoc macros	32	.\" Manual page, using -mandoc macros
33	.\"	33	.\"
34	.Dd $Mdocdate: June 2 2012 $	34	.Dd $Mdocdate: November 30 2012 $
35	.Dt CRYPT 3	35	.Dt CRYPT 3
36	.Os	36	.Os
37	.Sh NAME	37	.Sh NAME
@@ -323,3 +323,7 @@ The
323	function returns a pointer to static data, and subsequent calls to	323	function returns a pointer to static data, and subsequent calls to
324	.Fn crypt	324	.Fn crypt
325	will modify the same object.	325	will modify the same object.
		326	.Pp
		327	With DES hashing, passwords containing the byte 0x80 use less key entropy
		328	than other passwords.
		329	This is an implementation bug, not a bug in the DES cipher.