proposal: x/crypto: add crypt(3) password hash algorithms

[danderson]

I'm writing code that has to generate crypt(3) compatible password hashes, for installation in /etc/shadow. A Google search for a library currently offers two abandoned github repositories, at least one of which is unsafe (ignores returned errors in the crypto logic), and a stack overflow answer that uses cgo to wrap libcrypt.

I'd like to propose adding solid Go implementations of the more common crypt(3) algorithms to x/crypto. Specifically, I'd like to have support for the ${1,5,6}$ algorithms (resp. MD5, SHA256, SHA512), as well as the older DES-based algorithm for universality. The package documentation should include a recommendation against using the crypt(3) algorithms unless compatibility with crypt(3)-using code is necessary, since there exist much better KDFs already in x/crypto if you're working with a clean slate.

If this sounds reasonable, I'm volunteering to provide the implementation.

[ianlancetaylor]

Seems reasonable to me, but CC @agl.

[danderson]

Ping @agl , does this sound like something you'd accept if I send patches?

[danderson]

Ping.

[bradfitz]

With suitable documentation as you mentioned, this sounds reasonable. Feel free to send a CL.

If if it turns out @agl later objects passionately, you can put it under go4.org if you want to give it a non-github import path.

[eikenb]

@danderson Any progress on this? I'm currently using a libpam wrapper but would much prefer a native implementation.

[stapelberg]

Note that in the meantime, https://github.com/GehirnInc/crypt has appeared.

[stapelberg]

There’s another copy of what seems to be largely the same code at https://github.com/tredoe/osutil/tree/master/user/crypt and https://github.com/ncw/pwhash.

I’d say it makes sense to provide a canonical implementation in x/crypto :)