ID | Category | Severity | Type | Date Submitted | Last Update | ||
0001192 | [1003.1(2016/18)/Issue7+TC2] System Interfaces | Comment | Enhancement Request | 2018-04-16 18:39 | 2024-06-11 09:08 | ||
Reporter | zackw | View Status | public | ||||
Assigned To | |||||||
Priority | normal | Resolution | Accepted As Marked | ||||
Status | Closed | ||||||
Name | Zack Weinberg | ||||||
Organization | GNU | ||||||
User Reference | |||||||
Section | XSH encrypt, setkey; XBD unistd.h, stdlib.h | ||||||
Page Number | unknown | ||||||
Line Number | unknown | ||||||
Interp Status | --- | ||||||
Final Accepted Text | Note: 0004279 | ||||||
Summary | 0001192: Formally obsolete the DES encryption functions 'encrypt' and 'setkey' | ||||||
Description |
The functions 'encrypt' and 'setkey' can be used together to encrypt or decrypt a single block (64 bits) of data with the DES block cipher. (The cipher is not actually specified in POSIX, but interoperability dictates the use of DES.)

These functions should not be used in new applications for several reasons. Most importantly, the DES block cipher has been obsolete for many years (quoting RFC 4772 <https://tools.ietf.org/html/rfc4772>, "For many years now, DES usage has been actively discouraged by the security area of the IETF" -- that was 2006). Also, they are not thread safe; they can only encrypt or decrypt a single 64-bit block of data, requiring programmers to implement a "mode of operation" by hand if they want to process more data than that; they use an awkward one-bit-per-byte representation of their input and output; and decryption is only optionally available.

I request that these functions be formally obsoleted and, in due course, removed from the standard.

I also recommend that the CRYPT option group change its full name to "Password Hashing Option Group", as the sole non-obsolescent function in that group is crypt(), which performs password hashing. |
||||||
Desired Action |
# Obsoletion of encrypt and setkey

XSH 'encrypt':
SYNOPSIS: Change the margin code from XSI to OB XSI.
APPLICATION USAGE: Change the first paragraph from "Historical implementations of the encrypt() function used a rather primitive encoding algorithm." to "The encrypt() function historically used the DES block cipher, which is no longer considered secure."
FUTURE DIRECTIONS: Change text from "A future version of the standard may mark this interface as obsolete or remove it altogether" to "The encrypt() function may be removed in a future version."
CHANGE HISTORY: Add "The encrypt() function is marked obsolescent."

XSH 'setkey':
SYNOPSIS: Change the margin code from XSI to OB XSI.
FUTURE DIRECTIONS: Change text from "A future version of the standard may mark this interface as obsolete or remove it altogether" to "The setkey() function may be removed in a future version."
CHANGE HISTORY: Add "The setkey() function is marked obsolescent."

XBD 'unistd.h': Change the margin code for the declaration of encrypt() from XSI to OB XSI.

XBD 'stdlib.h': Change the margin code for the declaration of setkey() from XSI to OB XSI.

XBD chapter 2 section 2.1.5 ("Option Groups") subsection "Encryption": Change the list of functions included in the Encryption Option Group from
crypt(), encrypt(), setkey()
to
crypt(), [OB XSI> encrypt(), setkey() <OB XSI]

# Rename Encryption Option Group to Password Hashing Option Group

XBD chapter 2 section 2.1.5 ("Option Groups"): Change the name of the "Encryption" subsection to "Password Hashing". Change all occurrences of the term "Encryption Option Group" to "Password Hashing Option Group".

XBD 'unistd.h': Change all occurrences of the term "Encryption Option Group" to "Password Hashing Option Group".

XBD "Codes" popup: Change all occurrences of the term "Encryption Option Group" to "Password Hashing Option Group".

XSH 'crypt':
NAME: change "string encoding function" to "password hashing function"
DESCRIPTION: change "The crypt() function is a string encoding function" to "The crypt() function hashes a password for storage in the user database"; change "The _key_ argument points to a string to be encoded" to "The _key_ argument points to a password to be hashed".
RETURN VALUE: change "shall return a pointer to the encoded string" to "shall return a pointer to the hashed password". |
||||||
Tags | issue8 | ||||||
Attached Files | |||||||
|
Relationships | |||||||
|
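The one-bit-per-byte representation mentioned in the Description, as an added example that is not part of the original report or of any libc: callers of setkey() and encrypt() pass 64-element arrays whose bytes each hold the value 0 or 1, so packed data has to be expanded and collapsed by hand. The helper names and the most-significant-bit-first order are assumptions; the page does not state a bit order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DES_BLOCK_BYTES 8
#define DES_BLOCK_BITS  64

/* Expand 8 packed bytes into the 64-element form taken by setkey() and
 * encrypt(): one char per bit, each holding the numeric value 0 or 1.
 * Assumption: the most-significant bit of each byte comes first. */
void block_to_bitvec(const uint8_t in[DES_BLOCK_BYTES], char out[DES_BLOCK_BITS])
{
    for (size_t i = 0; i < DES_BLOCK_BYTES; i++)
        for (int b = 0; b < 8; b++)
            out[i * 8 + b] = (char)((in[i] >> (7 - b)) & 1);
}

/* Collapse a 64-element bit vector back into 8 packed bytes.
 * Returns 0 on success, or -1 (leaving out untouched) if any element is
 * not 0 or 1, e.g. when a caller passed the ASCII digits '0' and '1'. */
int bitvec_to_block(const char in[DES_BLOCK_BITS], uint8_t out[DES_BLOCK_BYTES])
{
    uint8_t tmp[DES_BLOCK_BYTES] = {0};

    for (size_t i = 0; i < DES_BLOCK_BITS; i++) {
        if (in[i] != 0 && in[i] != 1)
            return -1;
        tmp[i / 8] = (uint8_t)((tmp[i / 8] << 1) | (uint8_t)in[i]);
    }
    memcpy(out, tmp, sizeof tmp);
    return 0;
}

int main(void)
{
    /* Constructed sample block, not taken from the page. */
    const uint8_t block[DES_BLOCK_BYTES] =
        {0x80, 0x01, 0xFF, 0x00, 0xA5, 0x5A, 0x0F, 0xF0};
    char bits[DES_BLOCK_BITS];
    uint8_t back[DES_BLOCK_BYTES];

    block_to_bitvec(block, bits);
    for (size_t i = 0; i < DES_BLOCK_BITS; i++)
        putchar('0' + bits[i]);
    putchar('\n');
    return bitvec_to_block(bits, back) == 0 &&
           memcmp(block, back, sizeof back) == 0 ? 0 : 1;
}
```
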
Notes | |
(0004279) geoffclare (manager) 2019-03-07 16:53 |
XSH 'encrypt':
SYNOPSIS: Change the margin code from XSI to OB XSI.
APPLICATION USAGE: Change the first paragraph from "Historical implementations of the encrypt() function used a rather primitive encoding algorithm." to "The encrypt() function historically used the DES block cipher, which is no longer considered secure."
FUTURE DIRECTIONS: Change text from "A future version of the standard may mark this interface as obsolete or remove it altogether" to "The encrypt() function may be removed in a future version."
CHANGE HISTORY: Add "The encrypt() function is marked obsolescent."

XSH 'setkey':
SYNOPSIS: Change the margin code from XSI to OB XSI.
FUTURE DIRECTIONS: Change text from "A future version of the standard may mark this interface as obsolete or remove it altogether" to "The setkey() function may be removed in a future version."
CHANGE HISTORY: Add "The setkey() function is marked obsolescent."

XBD 'unistd.h': Change the margin code for the declaration of encrypt() from XSI to OB XSI.

XBD 'stdlib.h': Change the margin code for the declaration of setkey() from XSI to OB XSI.

XBD chapter 2 section 2.1.5 ("Option Groups") subsection "Encryption": Change the list of functions included in the Encryption Option Group from
crypt(), encrypt(), setkey()
to
crypt(), [OB]encrypt(), setkey()[/OB]

XSH 'crypt':
NAME: change "string encoding function" to "password hashing function"
DESCRIPTION: change "The crypt() function is a string encoding function" to "The crypt() function hashes a password for storage in the user database"; change "The key argument points to a string to be encoded" to "The key argument points to a password to be hashed".
RETURN VALUE: change "shall return a pointer to the encoded string" to "shall return a pointer to the hashed password". |
(0004371) stephane (reporter) 2019-04-25 21:30 |
overlaps with 0000931 |
(0004374) geoffclare (manager) 2019-04-26 09:00 |
It looks like the changes here are a superset of those in bug 0000931 (apart from a trivial variation of the future directions wording). Therefore I propose that we close 931 as a duplicate of this bug. |
Issue History | |||
Date Modified | Username | Field | Change |
2018-04-16 18:39 | zackw | New Issue | |
2018-04-16 18:39 | zackw | Name | => Zack Weinberg |
2018-04-16 18:39 | zackw | Organization | => GNU |
2018-04-16 18:39 | zackw | Section | => XSH encrypt, setkey; XBD unistd.h, stdlib.h |
2018-04-16 18:39 | zackw | Page Number | => unknown |
2018-04-16 18:39 | zackw | Line Number | => unknown |
2019-03-07 16:53 | geoffclare | Note Added: 0004279 | |
2019-03-07 16:54 | geoffclare | Interp Status | => --- |
2019-03-07 16:54 | geoffclare | Final Accepted Text | => Note: 0004279 |
2019-03-07 16:54 | geoffclare | Status | New => Resolved |
2019-03-07 16:54 | geoffclare | Resolution | Open => Accepted As Marked |
2019-03-07 16:54 | geoffclare | Description Updated | |
2019-03-07 16:55 | geoffclare | Tag Attached: issue8 | |
2019-04-25 21:30 | stephane | Note Added: 0004371 | |
2019-04-25 22:54 | eblake | Relationship added | related to 0000931 |
2019-04-26 09:00 | geoffclare | Note Added: 0004374 | |
2019-04-29 15:09 | geoffclare | Relationship replaced | has duplicate 0000931 |
2020-04-27 11:04 | geoffclare | Status | Resolved => Applied |
2024-06-11 09:08 | agadmin | Status | Applied => Closed |