Dr Paul Dale wrote:
In the deprecation efforts for 3.0, I’ve hit something in the DES code that I’d
appreciate input on.
There are two functions (DES_crypt and DES_fcrypt) which implement the old
crypt(3) password algorithm. Once these are deprecated, they will no longer be
reachable via EVP. The confounding point is that they aren’t quite DES — close
but not identical. I would be surprised if they aren’t still in use for
/etc/passwd files on old and/or embedded systems.
[SNIP]
Thoughts? Other alternatives?
Linux and BSD crypt(3) manual pages refer to crypt library. Also
crypt(3) is not only for DES. It has more features. Why to use OpenSSL
functions then?
Also OpenSSL build now does not remove deprecated function. So package
manages could decide API level compatibility and in addition to remove
or not deprecated functions.
Regards,
Roumen Petrov
