On Mon, Jan 29, 2018 at 03:38:00PM +0100, Michael Schwendt wrote:
On Tue, 9 Jan 2018 18:46:06 +0100, Jan Kurik wrote:
= System Wide Change: Replace glibc's libcrypt with libxcrypt = https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt
Change owner(s):
- Björn Esser <besser82 AT fedoraproject DOT org,>
- Florian Weimer <fweimer AT redhat DOT com>
There are plans to remove libcrypt from glibc, so we should have a replacement.
Please clarify what exactly the plan is.
To replace libcrypt with a compatible library and with a grace period for apps to stop using deprecated functions that may be removed in the future?
Or to replace libcrypt with an incompatible library immediately with no grace period?
The reason why I ask is that Claws Mail still uses encrypt() with the sole purpose of being able to decrypt old passwords. It doesn't convert them to different encryption algorithms automatically, unless the user changes the password, and it doesn't force the user to set a Master Password either. Only the latter would add security since Claws Mail 3.14.0 (2016), which added that as a new feature.
virt-customize is in a similar situation, except that we are also writing passwords on very old operating system images that require crypt(3).
One thing we had a bug report about was the old virt-builder and virt-customize binaries segfaulting with the new glibc. This turns out because crypt(3) in the new glibc is still there but always(?) returns NULL which unfortunately our code wasn't expecting ... Something to be aware of anyway.
I have since modified virt-customize to use libxcrypt.
Rich.