Héctor Luis Gimbatti
2014-09-16 18:53:53 UTC
Greetings,
The current implementation of bcrypt found in OpenBSD (specifically /usr/src/lib/libc/crypto) makes use of the arc4random "device" to generate the "salt".
I made some modifications in order to compile the code on Linux so I can maintain a database in *nix of passwords for some program. Actually the code is very simple and the modifications done to OBSD's bcrypt are trivial:
1. Hardened BCRYPT_MAXSALT to 32, and BCRYPT_MINLOGROUNDS to 8 (the latter can be modified at runtime whereas the first is constant, but can be easily modified).
2. Instead of using arc4random_buf to compute the salt, I use RAND_seed and RAND_bytes, which are included in OpenSSL (-lcrypto).
What can be done, as I've done for this specific code, is to change the constants (currently the hex representation of pi digits) used to initialize the P and S boxes to some other constants (cuberoot(prime(i)), sqrt(prime(i)), etc.) in order to produce unique crypto for a specific application or device.
If this is somehow useful for a project, I can share the code.
Cheers
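
The salt step from item 2, as an added example that is not the poster's code or OpenBSD's: it draws the bytes from the kernel CSPRNG through /dev/urandom rather than RAND_bytes so that it builds without -lcrypto, and it fails closed when the read is short. It assumes stock bcrypt's 16-byte salt and "$2b$" prefix, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define SALT_BYTES 16      /* stock bcrypt salt size (assumption; the post raises it) */
#define MIN_LOG_ROUNDS 8   /* minimum cost named in the post */
#define SALT_STR_LEN 29    /* "$2b$NN$" plus 22 encoded characters */
/* bcrypt's own base64 alphabet: not RFC 4648 order, and no '=' padding */
static const char B64[] =
    "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

static void bcrypt_b64(char *out, const uint8_t *in, size_t len)
{
    uint32_t acc = 0;
    int bits = 0;
    for (size_t i = 0; i < len; i++) {
        acc = (acc << 8) | in[i];
        for (bits += 8; bits >= 6; bits -= 6)
            *out++ = B64[(acc >> (bits - 6)) & 0x3f];
    }
    if (bits > 0)                       /* left-align the leftover bits */
        *out++ = B64[(acc << (6 - bits)) & 0x3f];
    *out = '\0';
}

/* Format caller-supplied random bytes as a salt string; 0 on success, -1 on error. */
int format_salt(char *out, size_t outlen, int log_rounds, const uint8_t *salt)
{
    if (outlen < SALT_STR_LEN + 1 || log_rounds < MIN_LOG_ROUNDS || log_rounds > 31)
        return -1;
    snprintf(out, outlen, "$2b$%02d$", log_rounds);
    bcrypt_b64(out + 7, salt, SALT_BYTES);
    return 0;
}

/* Draw the salt from the kernel CSPRNG; any open failure or short read is an error. */
int gen_salt(char *out, size_t outlen, int log_rounds)
{
    uint8_t salt[SALT_BYTES];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(salt, 1, sizeof salt, f);
    fclose(f);
    return got == sizeof salt ? format_salt(out, outlen, log_rounds, salt) : -1;
}

int main(void)
{
    char s[SALT_STR_LEN + 1];
    return gen_salt(s, sizeof s, MIN_LOG_ROUNDS) != 0 || puts(s) < 0;
}
```

With OpenSSL the read in gen_salt becomes a single RAND_bytes call, which returns 1 on success and must be checked the same way.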