From Fedora Project Wiki
Revision as of 11:42, 11 November 2017

Replace glibc's libcrypt with libxcrypt

Summary

There are plans to remove libcrypt from glibc, so we should have a replacement.


Owner

  • Name: Björn Esser
  • Email: besser82@fedoraproject.org
  • Release notes owner:


Current status

  • Targeted release: Fedora 28
  • Last updated: 2017-11-11
  • Tracker bug: <will be assigned by the Wrangler>


Detailed Description

Since there has recently been some discussion about removing libcrypt from glibc (https://sourceware.org/ml/libc-alpha/2017-08/msg01257.html) at some point and splitting it out into a separate project which can evolve more quickly, Zack Weinberg and I put some work into libxcrypt (https://github.com/besser82/libxcrypt) to make it a basically suitable replacement.

libxcrypt is fully binary compatible with software linked against glibc's libcrypt and does not require any rebuilds. However, the converse is not true: programs linked against libxcrypt will not work with glibc's libcrypt. Also, programs that use certain legacy APIs supplied by glibc's libcrypt (encrypt, encrypt_r, setkey, setkey_r, and fcrypt) cannot be compiled against libxcrypt.

It comes with a set of extended interfaces pioneered by Openwall Linux: crypt_rn, crypt_ra, crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra.

The crypt and gensalt functions support all widely used password hashing algorithms (https://en.wikipedia.org/wiki/Crypt_(C)#Key_derivation_functions_supported_by_crypt), except for Crypt16, which was used only on Ultrix and Tru64. These algorithms were previously specific to just some operating systems' implementations of libcrypt (https://en.wikipedia.org/wiki/Crypt_(C)#Support_in_operating_systems).
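
Because existing binaries keep working but sources that call the legacy APIs named above no longer compile, it helps to find affected programs before a rebuild. The following is an added example, not part of the original proposal or of libxcrypt: it scans `nm -D --undefined-only` output for those five symbols. The function names and the sample output are constructed for illustration, and it assumes binutils `nm` is installed when scanning real files.

```python
import subprocess
import sys

# Legacy glibc libcrypt APIs that cannot be compiled against libxcrypt
# (list taken from the description above).
LEGACY_APIS = {"encrypt", "encrypt_r", "setkey", "setkey_r", "fcrypt"}


def legacy_symbols(nm_output):
    """Return the sorted legacy libcrypt APIs that appear as undefined
    dynamic symbols in `nm -D --undefined-only` output."""
    found = set()
    for line in nm_output.splitlines():
        fields = line.split()
        # Undefined symbols have no address column: "U name[@VERSION]".
        if len(fields) != 2 or fields[0] != "U":
            continue
        name = fields[1].split("@", 1)[0]  # drop the symbol version suffix
        if name in LEGACY_APIS:
            found.add(name)
    return sorted(found)


def scan_binary(path):
    """Run binutils nm on one ELF file and report legacy API imports."""
    result = subprocess.run(
        ["nm", "-D", "--undefined-only", path],
        capture_output=True, text=True, check=False,
    )
    return legacy_symbols(result.stdout)


# Constructed sample output, not taken from a real package.
SAMPLE_NM = """\
                 w __gmon_start__
                 U crypt@GLIBC_2.2.5
                 U encrypt_r@GLIBC_2.2.5
                 U setkey_r@GLIBC_2.2.5
                 U strlen@GLIBC_2.2.5
                 U my_encrypt_helper
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(path, scan_binary(path))
    else:
        print(legacy_symbols(SAMPLE_NM))
```

The match is by symbol name only, so an `encrypt` imported from an unrelated library would also be reported; treat hits as candidates to check against the package's sources.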


Benefit to Fedora

Scope

  • Proposal owners:
  • Other developers:
  • Release engineering: #Releng issue number (a check of an impact with Release Engineering is needed)
  • Policies and guidelines:
  • Trademark approval: N/A (not needed for this Change)


Upgrade/compatibility impact

How To Test

User Experience

Dependencies

Contingency Plan

  • Contingency mechanism: Revert changes and restore glibc's libcrypt
  • Contingency deadline: Completion deadline (testable)
  • Blocks release? Yes
  • Blocks product? none


Documentation

Release Notes