Austin Group Defect Tracker

Aardvark Mark IV


ID 0001192
Category [1003.1(2016/18)/Issue7+TC2] System Interfaces
Severity Comment
Type Enhancement Request
Date Submitted 2018-04-16 18:39
Last Update 2020-04-27 11:04
Reporter zackw
View Status public
Assigned To
Priority normal
Resolution Accepted As Marked
Status Applied
Name Zack Weinberg
Organization GNU
User Reference
Section XSH encrypt, setkey; XBD unistd.h, stdlib.h
Page Number unknown
Line Number unknown
Interp Status ---
Final Accepted Text Note: 0004279
Summary 0001192: Formally obsolete the DES encryption functions 'encrypt' and 'setkey'
Description The functions 'encrypt' and 'setkey' can be used together to encrypt or decrypt a single block (64 bits) of data with the DES block cipher. (The cipher is not actually specified in POSIX, but interoperability dictates the use of DES.)

These functions should not be used in new applications for several reasons. Most importantly, the DES block cipher has been obsolete for many years (quoting RFC 4772 <https://tools.ietf.org/html/rfc4772>, "For many years now, DES usage has been actively discouraged by the security area of the IETF" -- that was 2006). Also, they are not thread safe; they can only encrypt or decrypt a single 64-bit block of data, requiring programmers to implement a "mode of operation" by hand if they want to process more data than that; they use an awkward one-bit-per-byte representation of their input and output; and decryption is only optionally available.

I request that these functions be formally obsoleted and, in due course, removed from the standard.

I also recommend that the CRYPT option group change its full name to "Password Hashing Option Group", as the sole non-obsolescent function in that group is crypt(), which performs password hashing.
Desired Action # Obsoletion of encrypt and setkey

XSH 'encrypt':
  SYNOPSIS: Change the margin code from XSI to OB XSI.
  APPLICATION USAGE: Change the first paragraph from "Historical implementations
    of the encrypt() function used a rather primitive encoding algorithm." to
    "The encrypt() function historically used the DES block cipher, which is
    no longer considered secure."
  FUTURE DIRECTIONS: Change text from "A future version of the standard
    may mark this interface as obsolete or remove it altogether" to "The
    encrypt() function may be removed in a future version."
  CHANGE HISTORY:
    Add "The encrypt() function is marked obsolescent."

XSH 'setkey':
  SYNOPSIS: Change the margin code from XSI to OB XSI.
  FUTURE DIRECTIONS: Change text from "A future version of the standard
    may mark this interface as obsolete or remove it altogether" to "The
    setkey() function may be removed in a future version."
  CHANGE HISTORY:
    Add "The setkey() function is marked obsolescent."

XBD 'unistd.h':
  Change the margin code for the declaration of encrypt() from XSI to OB XSI.

XBD 'stdlib.h':
  Change the margin code for the declaration of setkey() from XSI to OB XSI.

XBD chapter 2 section 2.1.5 ("Option Groups") subsection "Encryption":
  Change the list of functions included in the Encryption Option Group from

        crypt(), encrypt(), setkey()

  to

        crypt(), [OB XSI> encrypt(), setkey() <OB XSI]


# Rename Encryption Option Group to Password Hashing Option Group

XBD chapter 2 section 2.1.5 ("Option Groups"):
  Change the name of the "Encryption" subsection to "Password Hashing".
  Change all occurrences of the term "Encryption Option Group" to "Password Hashing Option Group".

XBD 'unistd.h':
  Change all occurrences of the term "Encryption Option Group" to "Password Hashing Option Group".

XBD "Codes" popup:
  Change all occurrences of the term "Encryption Option Group" to "Password Hashing Option Group".

XSH 'crypt':
  NAME: change "string encoding function" to "password hashing function"
  DESCRIPTION: change "The crypt() function is a string encoding function" to "The crypt() function hashes a password for storage in the user database"; change "The _key_ argument points to a string to be encoded" to "The _key_ argument points to a password to be hashed".
  RETURN VALUE: change "shall return a pointer to the encoded string" to "shall return a pointer to the hashed password".
Tags issue8
Attached Files
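
The one-bit-per-byte representation and single-block limit named in the Description, shown as an added example (not part of the report or of any libc): the hypothetical helpers `block_to_bitvec` and `bitvec_to_block` perform the conversion a caller has to wrap around every setkey()/encrypt() call. The MSB-first bit order is an assumption, and the code deliberately does not call encrypt() itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCK_BYTES 8   /* one DES block of packed data */
#define BLOCK_BITS  64  /* the same block as setkey()/encrypt() expect it */

/* Expand 8 packed bytes into 64 chars, each holding 0 or 1.
 * Assumption: the most significant bit of byte 0 comes first. */
void block_to_bitvec(const uint8_t in[BLOCK_BYTES], char out[BLOCK_BITS])
{
    for (size_t i = 0; i < BLOCK_BITS; i++)
        out[i] = (char)((in[i / 8] >> (7 - i % 8)) & 1);
}

/* Pack a 64-element bit vector back into 8 bytes.
 * Returns -1 if any element is not exactly 0 or 1, else 0. */
int bitvec_to_block(const char in[BLOCK_BITS], uint8_t out[BLOCK_BYTES])
{
    memset(out, 0, BLOCK_BYTES);
    for (size_t i = 0; i < BLOCK_BITS; i++) {
        if (in[i] != 0 && in[i] != 1)
            return -1;
        out[i / 8] |= (uint8_t)(in[i] << (7 - i % 8));
    }
    return 0;
}

/* Number of separate single-block calls needed for len bytes; chaining
 * and padding between those blocks are left entirely to the caller. */
size_t blocks_needed(size_t len)
{
    return (len + BLOCK_BYTES - 1) / BLOCK_BYTES;
}

/* Constructed sample block: round-trip it and reject a malformed vector.
 * Returns 1 when every check holds. */
int demo_roundtrip(void)
{
    const uint8_t sample[BLOCK_BYTES] = {0x80, 0x01, 0xAA, 0x55, 0x00, 0xFF, 0x13, 0x37};
    char bits[BLOCK_BITS];
    uint8_t back[BLOCK_BYTES];

    block_to_bitvec(sample, bits);
    if (bits[0] != 1 || bits[8] != 0 || bits[15] != 1) return 0;
    if (bitvec_to_block(bits, back) != 0) return 0;
    if (memcmp(sample, back, BLOCK_BYTES) != 0) return 0;
    bits[3] = 2;                     /* not a valid bit value */
    return bitvec_to_block(bits, back) == -1;
}
```

Each 8 bytes of data occupies 64 bytes in this form, and a 20-byte message already needs three independent block calls with caller-supplied chaining.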

- Relationships
has duplicate 0000931 Closed 1003.1(2013)/Issue7+TC1 mark encrypt, setkey as OBS

-  Notes
(0004279)
geoffclare (manager)
2019-03-07 16:53

XSH 'encrypt':
  SYNOPSIS: Change the margin code from XSI to OB XSI.
  APPLICATION USAGE: Change the first paragraph from "Historical implementations
    of the encrypt() function used a rather primitive encoding algorithm." to
    "The encrypt() function historically used the DES block cipher, which is
    no longer considered secure."
  FUTURE DIRECTIONS: Change text from "A future version of the standard
    may mark this interface as obsolete or remove it altogether" to "The
    encrypt() function may be removed in a future version."
  CHANGE HISTORY:
    Add "The encrypt() function is marked obsolescent."

XSH 'setkey':
  SYNOPSIS: Change the margin code from XSI to OB XSI.
  FUTURE DIRECTIONS: Change text from "A future version of the standard
    may mark this interface as obsolete or remove it altogether" to "The
    setkey() function may be removed in a future version."
  CHANGE HISTORY:
    Add "The setkey() function is marked obsolescent."

XBD 'unistd.h':
  Change the margin code for the declaration of encrypt() from XSI to OB XSI.

XBD 'stdlib.h':
  Change the margin code for the declaration of setkey() from XSI to OB XSI.

XBD chapter 2 section 2.1.5 ("Option Groups") subsection "Encryption":
  Change the list of functions included in the Encryption Option Group from

        crypt(), encrypt(), setkey()

  to

        crypt(), [OB]encrypt(), setkey()[/OB]


XSH 'crypt':
  NAME: change "string encoding function" to "password hashing function"
  DESCRIPTION: change "The crypt() function is a string encoding function" to "The crypt() function hashes a password for storage in the user database"; change "The key argument points to a string to be encoded" to "The key argument points to a password to be hashed".
  RETURN VALUE: change "shall return a pointer to the encoded string" to "shall return a pointer to the hashed password".
(0004371)
stephane (reporter)
2019-04-25 21:30

overlaps with 0000931
(0004374)
geoffclare (manager)
2019-04-26 09:00

It looks like the changes here are a superset of those in bug 0000931 (apart from a trivial variation of the future directions wording). Therefore I propose that we close 931 as a duplicate of this bug.

- Issue History
Date Modified Username Field Change
2018-04-16 18:39 zackw New Issue
2018-04-16 18:39 zackw Name => Zack Weinberg
2018-04-16 18:39 zackw Organization => GNU
2018-04-16 18:39 zackw Section => XSH encrypt, setkey; XBD unistd.h, stdlib.h
2018-04-16 18:39 zackw Page Number => unknown
2018-04-16 18:39 zackw Line Number => unknown
2019-03-07 16:53 geoffclare Note Added: 0004279
2019-03-07 16:54 geoffclare Interp Status => ---
2019-03-07 16:54 geoffclare Final Accepted Text => Note: 0004279
2019-03-07 16:54 geoffclare Status New => Resolved
2019-03-07 16:54 geoffclare Resolution Open => Accepted As Marked
2019-03-07 16:54 geoffclare Description Updated
2019-03-07 16:55 geoffclare Tag Attached: issue8
2019-04-25 21:30 stephane Note Added: 0004371
2019-04-25 22:54 eblake Relationship added related to 0000931
2019-04-26 09:00 geoffclare Note Added: 0004374
2019-04-29 15:09 geoffclare Relationship replaced has duplicate 0000931
2020-04-27 11:04 geoffclare Status Resolved => Applied

