diff options
| author | Xavier Del Campo Romero <xavi92@disroot.org> | 2025-10-08 13:50:52 +0200 |
|---|---|---|
| committer | Xavier Del Campo Romero <xavi92@disroot.org> | 2025-10-08 22:55:44 +0200 |
| commit | 10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b (patch) | |
| tree | 3bb586177e375a6f7f91c0335876faefc28b805c /main.c | |
| parent | 805630dbfcd409a5d49bc89102f4183b71f713f9 (diff) | |
| download | slcl-10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b.tar.gz | |
Replace OpenSSL with libsodium and argon2id
The SHA256-based password hashing algorithm used by slcl(1) and
usergen(1) is considered insecure against several kinds of attacks,
including brute force attacks. [1]
Therefore, a stronger password hashing algorithm based on the Argon2id
key derivation function is now used by default. While OpenSSL does
support Argon2id, it is only supported by very recent versions [2],
which are still not packaged by most distributions as of the time of
this writing. [3]
As an alternative to OpenSSL, libsodium [4] had several benefits:
- It provides easy-to-use functions for password hashing, base64
encoding/decoding and other cryptographic primitives used by slcl(1)
and usergen(1).
- It is packaged by most distributions [5], and most often only the patch
version differs, which ensures good compatibility across distributions.
Unfortunately, and as opposed to OpenSSL, libsodium does not come with
command-line tools. Therefore, usergen(1) had to be rewritten in C.
In order to maintain backwards compatiblity with existing databases,
slcl(1) and usergen(1) shall support the insecure, SHA256-based password
hashing algorithm. However, Argon2id shall now be the default choice for
usergen(1).
[1]: https://security.stackexchange.com/questions/195563/why-is-sha-256-not-good-for-passwords
[2]: https://docs.openssl.org/3.3/man7/EVP_KDF-ARGON2/
[3]: https://repology.org/project/openssl/versions
[4]: https://www.libsodium.org/
[5]: https://repology.org/project/libsodium/versions
Diffstat (limited to 'main.c')
| -rw-r--r-- | main.c | 18 |
1 files changed, 10 insertions, 8 deletions
@@ -18,6 +18,7 @@ #include <openssl/err.h> #include <openssl/rand.h> #include <dynstr.h> +#include <sodium.h> #include <dirent.h> #include <libgen.h> #include <fcntl.h> @@ -522,13 +523,9 @@ static char *create_symlink(const char *const dir, const char *user) dynstr_init(&abs); dynstr_init(&rel); - if (RAND_bytes(buf, sizeof buf) != 1) - { - fprintf(stderr, "%s: RAND_bytes failed with %lu\n", - __func__, ERR_get_error()); - goto end; - } - else if (hex_encode(buf, dbuf, sizeof buf, sizeof dbuf)) + randombytes_buf(buf, sizeof buf); + + if (hex_encode(buf, dbuf, sizeof buf, sizeof dbuf)) { fprintf(stderr, "%s: hex_encode failed\n", __func__); goto end; @@ -2650,7 +2647,12 @@ int main(int argc, char *argv[]) dynstr_init(&ua.d); - if (parse_args(argc, argv, &dir, &port, &tmpdir, &ua.fifo) + if (sodium_init()) + { + fprintf(stderr, "%s: sodium_init failed\n", __func__); + goto end; + } + else if (parse_args(argc, argv, &dir, &port, &tmpdir, &ua.fifo) || init_dirs(dir) || ensure_style(dir) || !(ua.a = auth_alloc(dir)) |