Re: crypt_r()?

To: tech-userlevel%NetBSD.org@localhost
Subject: Re: crypt_r()?
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Mon, 7 Feb 2022 14:57:01 -0500 (EST)

>> I've been asked by the filezilla software developer if NetBSD will
>> add crypt_r() as a thread-safe crypt() replacement.
> I don't exactly see the point.

Thread safety, presumably.  crypt(3) returns a pointer into a static
buffer.  I daresay it could be made to return a pointer into TLS when
running threaded, but I think crypt_r makes more sense.  I even have,
on some small number of occasions, wanted a crypt_r without threads
(though without threads or at least signals it's just a strcpy or
strdup away).

> If I wanted to provide a more modern interface, it would be for
> password verification only and include constant time guarantees,
> which the existing interface can't provide.

Nobody's stopping you.

For many purposes, crypt_r has the major advantage over what you
describe that it is trivial changes to existing code.  (In most cases,
I suspect using what you're thinking of would be almost as trivial.
But without a design to look at it's hard to tell.  Admittedly, crypt_r
_could_ mean pretty much anything, but it strikes me as unlikely wiz
would use that name without meaning exactly what I daresay everybody
here takes it to mean.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

References:
- crypt_r()?
  - From: Thomas Klausner
- Re: crypt_r()?
  - From: Joerg Sonnenberger

Prev by Date: Re: crypt_r()?
Next by Date: lib/libcrypt/crypt-argon2.c: ctx.{out,outlen} assigned twice
Previous by Thread: Re: crypt_r()?
Next by Thread: Re: crypt_r()?
Indexes:

Home | Main Index | Thread Index | Old Index