Austin Group Defect Tracker

ID: 0001192
Category: [1003.1(2016)/Issue7+TC2] System Interfaces
Severity: Comment
Type: Enhancement Request
Date Submitted: 2018-04-16 18:39
Last Update: 2018-04-16 18:39
Reporter: zackw
View Status: public
Assigned To:
Priority: normal
Resolution: Open
Status: New
Name: Zack Weinberg
Organization: GNU
User Reference:
Section: XSH encrypt, setkey; XBD unistd.h, stdlib.h
Page Number: unknown
Line Number: unknown
Interp Status: ---
Final Accepted Text:
Summary: 0001192: Formally obsolete the DES encryption functions 'encrypt' and 'setkey'
Description
The functions 'encrypt' and 'setkey' can be used together to encrypt or decrypt a single block (64 bits) of data with the DES block cipher. (The cipher is not actually specified in POSIX, but interoperability dictates the use of DES.)

These functions should not be used in new applications for several reasons. Most importantly, the DES block cipher has been obsolete for many years (quoting RFC 4772 <https://tools.ietf.org/html/rfc4772>, "For many years now, DES usage has been actively discouraged by the security area of the IETF" -- that was 2006). Also, they are not thread safe; they can only encrypt or decrypt a single 64-bit block of data, requiring programmers to implement a "mode of operation" by hand if they want to process more data than that; they use an awkward one-bit-per-byte representation of their input and output; and decryption is only optionally available.

I request that these functions be formally obsoleted and, in due course, removed from the standard.

I also recommend that the CRYPT option group change its full name to "Password Hashing Option Group", as the sole non-obsolescent function in that group is crypt(), which performs password hashing.
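The calling convention and the missing mode of operation described above, shown as an added C example (not part of this issue or of any libc): an 8-byte block is converted to and from encrypt()'s 64-chars-one-bit-each format, and CBC chaining is written by hand around a block function with encrypt()'s signature. A constructed bit-reversal stand-in replaces the DES call so the file builds without libcrypt, and the MSB-first packing order is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* encrypt() takes its 64-bit block as 64 chars, each 0 or 1 (one bit per
 * byte). Assumed packing order: array index 0 is the MSB of byte 0. */
static void unpack_bits(const unsigned char in[8], char out[64]) {
    for (int i = 0; i < 64; i++) out[i] = (in[i / 8] >> (7 - i % 8)) & 1;
}
static void pack_bits(const char in[64], unsigned char out[8]) {
    memset(out, 0, 8);
    for (int i = 0; i < 64; i++) out[i / 8] |= (unsigned char)((in[i] & 1) << (7 - i % 8));
}
/* Same signature as encrypt(): edflag 0 = encrypt, nonzero = decrypt.
 * CONSTRUCTED stand-in so this builds without libcrypt: it reverses the bit
 * order, which is its own inverse. With the real API you would call
 * setkey(key_bits) once, then pass encrypt itself as the block function. */
typedef void (*block_fn)(char block[64], int edflag);
static void stand_in_block(char block[64], int edflag) {
    (void)edflag; /* the stand-in is an involution, so the flag is unused */
    for (int i = 0; i < 32; i++) { char t = block[i]; block[i] = block[63 - i]; block[63 - i] = t; }
}
/* CBC chaining over a buffer: the "mode of operation" a caller must write by
 * hand because encrypt() only ever processes one block. len must be a multiple
 * of 8 (no padding is done here); returns 0 on success, -1 otherwise. */
static int cbc_crypt(block_fn f, int decrypt, const unsigned char iv[8],
                     const unsigned char *in, unsigned char *out, size_t len) {
    unsigned char chain[8], blk[8]; char bits[64];
    if (len % 8 != 0) return -1;
    memcpy(chain, iv, 8);
    for (size_t off = 0; off < len; off += 8) {
        if (!decrypt) {                        /* C_i = E(P_i ^ C_{i-1}) */
            for (int i = 0; i < 8; i++) blk[i] = in[off + i] ^ chain[i];
            unpack_bits(blk, bits); f(bits, 0); pack_bits(bits, out + off);
            memcpy(chain, out + off, 8);
        } else {                               /* P_i = D(C_i) ^ C_{i-1} */
            unpack_bits(in + off, bits); f(bits, 1); pack_bits(bits, blk);
            for (int i = 0; i < 8; i++) out[off + i] = blk[i] ^ chain[i];
            memcpy(chain, in + off, 8);
        }
    }
    return 0;
}
/* Round trip of a constructed 16-byte message; returns 1 if it succeeds. */
static int cbc_roundtrip_ok(void) {
    static const unsigned char iv[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    static const unsigned char msg[] = "POSIX encrypt()!"; /* 16 bytes used */
    unsigned char ct[16], pt[16];
    if (cbc_crypt(stand_in_block, 0, iv, msg, ct, 16) != 0) return 0;
    if (cbc_crypt(stand_in_block, 1, iv, ct, pt, 16) != 0) return 0;
    return memcmp(pt, msg, 16) == 0 && memcmp(ct, msg, 16) != 0;
}
```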
Desired Action

# Obsoletion of encrypt and setkey

XSH 'encrypt':
  SYNOPSIS: Change the margin code from XSI to OB XSI.
  APPLICATION USAGE: Change the first paragraph from "Historical implementations
    of the encrypt() function used a rather primitive encoding algorithm." to
    "The encrypt() function historically used the DES block cipher, which is
    no longer considered secure."
  FUTURE DIRECTIONS: Change text from "A future version of the standard
    may mark this interface as obsolete or remove it altogether" to "The
    encrypt() function may be removed in a future version."
  CHANGE HISTORY:
    Add "The encrypt() function is marked obsolescent."

XSH 'setkey':
  SYNOPSIS: Change the margin code from XSI to OB XSI.
  FUTURE DIRECTIONS: Change text from "A future version of the standard
    may mark this interface as obsolete or remove it altogether" to "The
    setkey() function may be removed in a future version."
  CHANGE HISTORY:
    Add "The setkey() function is marked obsolescent."

XBD 'unistd.h':
  Change the margin code for the declaration of encrypt() from XSI to OB XSI.

XBD 'stdlib.h':
  Change the margin code for the declaration of setkey() from XSI to OB XSI.

XBD chapter 2 section 2.1.5 ("Option Groups") subsection "Encryption":
  Change the list of functions included in the Encryption Option Group from

        crypt(), encrypt(), setkey()

  to

        crypt(), [OB XSI> encrypt(), setkey() <OB XSI]


# Rename Encryption Option Group to Password Hashing Option Group

XBD chapter 2 section 2.1.5 ("Option Groups"):
  Change the name of the "Encryption" subsection to "Password Hashing".
  Change all occurrences of the term "Encryption Option Group" to "Password Hashing Option Group".

XBD 'unistd.h':
  Change all occurrences of the term "Encryption Option Group" to "Password Hashing Option Group".

XBD "Codes" popup:
  Change all occurrences of the term "Encryption Option Group" to "Password Hashing Option Group".

XSH 'crypt':
  NAME: change "string encoding function" to "password hashing function"
  DESCRIPTION: change "The crypt() function is a string encoding function" to "The crypt() function hashes a password for storage in the user database"; change "The _key_ argument points to a string to be encoded" to "The _key_ argument points to a password to be hashed".
  RETURN VALUE: change "shall return a pointer to the encoded string" to "shall return a pointer to the hashed password".
Tags: No tags attached.
Attached Files

- Relationships

There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2018-04-16 18:39 zackw New Issue
2018-04-16 18:39 zackw Name => Zack Weinberg
2018-04-16 18:39 zackw Organization => GNU
2018-04-16 18:39 zackw Section => XSH encrypt, setkey; XBD unistd.h, stdlib.h
2018-04-16 18:39 zackw Page Number => unknown
2018-04-16 18:39 zackw Line Number => unknown

