Austin Group Defect Tracker

Aardvark Mark IV


Viewing Issue Simple Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Type Date Submitted Last Update
0000899 [1003.1(2013)/Issue7+TC1] System Interfaces Editorial Enhancement Request 2014-12-04 02:55 2019-06-10 08:54
Reporter tedu View Status public  
Assigned To ajosey
Priority normal Resolution Accepted As Marked  
Status Closed  
Name Ted Unangst
Organization OpenBSD
User Reference
Section setkey
Page Number 750
Line Number 25291
Interp Status ---
Final Accepted Text see Note: 0002578
Summary 0000899: Remove setkey and encrypt
Description DES is laughably bad now, and these interfaces are possibly worse. Passing a 64 (56) bit key in 64 chars? Only one global key?

The standard doesn't even actually specify DES, meaning it's useless from an interoperability standpoint.

Unlike the crypt interface, which has proven flexible enough to support extensions and better algorithms, it's not possible to somehow bend these functions into supporting a modern cipher.

A test build of the OpenBSD ports tree revealed one program using these functions. claws mail saves the user's password by encrypting it with a fixed key ("passkey0"). That code could be replaced by base64 "encryption" with identical security.
Desired Action Delete setkey(). Delete encrypt().
Tags tc2-2008
Attached Files

- Relationships
parent of 0000931Closed mark encrypt, setkey as OBS 

-  Notes
(0002578)
eblake (manager)
2015-03-12 15:58
edited on: 2015-03-12 16:05

For both Page 750 line 25291 (encrypt) and Page 1882 line 60535 (setkey), change the Future Directions wording from:
None.
to:
A future version of the standard may mark this interface as obsolete or remove it altogether.


On Page 710 line 24043 (crypt), add a paragraph to Application Usage:
Several implementations offer extensions via characters outside of the set specified for the salt argument for specifying alternative algorithms; while not portable, these extensions may offer better security. The use of crypt() for anything other than password hashing is not recommended.


- Issue History
Date Modified Username Field Change
2014-12-04 02:55 tedu New Issue
2014-12-04 02:55 tedu Status New => Under Review
2014-12-04 02:55 tedu Assigned To => ajosey
2014-12-04 02:55 tedu Name => Ted Unangst
2014-12-04 02:55 tedu Organization => OpenBSD
2014-12-04 02:55 tedu Section => setkey
2015-03-12 15:45 eblake Relationship added parent of 0000931
2015-03-12 15:46 eblake Tag Attached: tc2-2008
2015-03-12 15:58 eblake Note Added: 0002578
2015-03-12 16:01 eblake Note Edited: 0002578
2015-03-12 16:05 eblake Note Edited: 0002578
2015-03-12 16:08 eblake Page Number => 750
2015-03-12 16:08 eblake Line Number => 25291
2015-03-12 16:08 eblake Interp Status => ---
2015-03-12 16:08 eblake Final Accepted Text => see Note: 0002578
2015-03-12 16:08 eblake Status Under Review => Resolved
2015-03-12 16:08 eblake Resolution Open => Accepted As Marked
2015-04-10 09:05 geoffclare Project 1003.1(2008)/Issue 7 => 1003.1(2013)/Issue7+TC1
2015-08-27 08:00 dannyniu Issue Monitored: dannyniu
2019-06-10 08:54 agadmin Status Resolved => Closed


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker