From 5f88d867e80a15cd77f1c7e81d62eb0d72c0debf Mon Sep 17 00:00:00 2001 From: Stefan Sperling Date: Fri, 30 Nov 2012 13:51:12 +0000 Subject: Document a known bug in the DES crypt cipher implementation which we're not going to fix in order to stay compatible with legacy password data. Nobody should use DES crypt anyway these days. See http://www.freebsd.org/security/advisories/FreeBSD-SA-12:02.crypt.asc for details about this bug. Discussed with deraadt and beck about half a year ago (I'm pruning Ms from my tree). --- lib/libc/crypt/crypt.3 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib/libc') diff --git a/lib/libc/crypt/crypt.3 b/lib/libc/crypt/crypt.3 index 8415f28b9bc..3d9785fca97 100644 --- a/lib/libc/crypt/crypt.3 +++ b/lib/libc/crypt/crypt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: crypt.3,v 1.28 2012/06/02 00:14:16 guenther Exp $ +.\" $OpenBSD: crypt.3,v 1.29 2012/11/30 13:51:11 stsp Exp $ .\" .\" FreeSec: libcrypt .\" @@ -31,7 +31,7 @@ .\" .\" Manual page, using -mandoc macros .\" -.Dd $Mdocdate: June 2 2012 $ +.Dd $Mdocdate: November 30 2012 $ .Dt CRYPT 3 .Os .Sh NAME @@ -323,3 +323,7 @@ The function returns a pointer to static data, and subsequent calls to .Fn crypt will modify the same object. +.Pp +With DES hashing, passwords containing the byte 0x80 use less key entropy +than other passwords. +This is an implementation bug, not a bug in the DES cipher. -- cgit v1.2.3
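Review bot: In the `@@ -323,3 +323,7 @@` hunk, the new paragraph states the symptom ("passwords containing the byte 0x80 use less key entropy than other passwords") but leaves out what the commit message gives as the reason for documenting it: the bug is being kept on purpose for compatibility with legacy password data, and DES crypt should not be used. A reader of crypt.3 sees neither point. Suggest adding a sentence saying the behaviour is retained for compatibility with existing password data and that DES hashing should be avoided for new passwords, and pointing to the FreeBSD-SA-12:02.crypt advisory that the commit message links for the details. "use less key entropy" is also vague. Saying how such a password is affected would let an administrator judge the exposure of existing hashes.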