1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
NAME
librecrypt - Offline-hardenable password hashing
SYNOPSIS
#include <librecrypt.h>
Link with -lrecrypt. Static linking may require additional
flags depending on enabled hash algorithms.
DESCRIPTION
The librecrypt library provides a unified interface for
several password hash functions and the ability to chain
password hash functions so that a weaking hashed password
can be hardend, without knowing the plain-text password,
by hashing the hash with a stronger function.
librecrypt extends crypt(3)'s password hash string syntax
by introducing the '>' character to specifying chaining.
The left-most hash function is used on the plain-text
password, and the next to the right, is used on the binary
hash result, and so on, and only the final hash is stored
in the string: as part of the last '>'-delimited section.
It also supports specifying a password hashing configuration
without specifying actual salt values, but instead how many
bytes of salt to generate. This done using asterisk-encoding:
an ASCII asterisk character ('*') followed by the number of
bytes encoded as a non-negative decimal number in ASCII.
The librecrypt library implements the following functions:
Password hashing functions:
librecrypt_crypt(3)
Compute password hash encoded in ASCII with settings
prefix.
librecrypt_hash(3)
Compute password hash encoded in ASCII without
settings prefix.
librecrypt_hash_binary(3)
Compute password hash in raw binary form.
librecrypt_add_algorithm(3)
Append an algorithm chain to a password hash string.
Password hashing configuration generation functions:
librecrypt_test_supported(3)
Check whether an algorithm chain is supported.
librecrypt_make_settings(3)
Generate a password hash settings string.
librecrypt_realise_salts(3)
Realise asterisk-encoded random salts in a settings
string.
Secure application helper functions:
librecrypt_equal(3)
Compare strings in constant time.
librecrypt_equal_binary(3)
Compare memory segments in constant time.
librecrypt_wipe(3)
Securely erase a memory buffer.
librecrypt_wipe_str(3)
Securely erase a string.
Password hash string decomposition functions (ADVANCED):
librecrypt_settings_prefix(3)
Get length of settings prefix in a password hash
string.
librecrypt_chain_length(3)
Get number of algorithms in a chained password hash
string.
librecrypt_decompose_chain(3)
Split a chained password hash string into algorithm
components.
librecrypt_decompose_chain1(3)
Replace algorithm link delimiters with null bytes.
librecrypt_next_algorithm(3)
Iterate over algorithms in a chained password hash
string.
Binary value encoding functions (ADVANCED):
librecrypt_encode(3)
Encode binary salt or hash result into ASCII.
librecrypt_decode(3)
Decode ASCII encoding of a salt or hash result into
binary.
librecrypt_get_encoding(3)
Get encoding alphabet for the last algorithm in a
chain.
NOTES
Using librecrypt_add_algorithm(3) to hash existing password
hashes should be used as a transitional mitigation strategy
when replaing an old password hash function. Once the password
is available in clear text, it should be hashed anew using
only the new password hash function: this will both increase
security and reducing login it, allowing for stronger hash
function configurations. This is especially important if the
password is actually a key and longer than the old hash. It
is also a good idea to force password reset, and lock any
account that hasn't reset its password, because it is
possibly that the old password hashes has been leaked and it
will force a fresh hashing even one counts that seldom log in.
SEE ALSO
crypt(3), crypt(5)
|
