From 9bbd611b0fb0981f8d410b38c5841c1a9ea9fae1 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Fri, 20 Dec 2024 13:09:02 +0000 Subject: [PATCH] Fix indentation for XPass constants --- reference/xpass/constants.xml | 436 +++++++++++++++++----------------- 1 file changed, 218 insertions(+), 218 deletions(-) diff --git a/reference/xpass/constants.xml b/reference/xpass/constants.xml index 87f0e69c6da3..3fe506b66875 100644 --- a/reference/xpass/constants.xml +++ b/reference/xpass/constants.xml @@ -13,235 +13,235 @@ Hashing methods - - - CRYPT_PREFIX_STD_DES - (string) - - - - The original hashing method from Unix V7, based on the DES block cipher. - Because DES is cheap on modern hardware, - because there are only 4096 possible salts and 2**56 distinct passphrases, - which it truncates to 8 characters, - it is feasible to discover any passphrase hashed with this method. - It should only be used if you absolutely have to generate hashes that will - work on an old operating system that supports nothing else. - - - - - - CRYPT_PREFIX_EXT_DES - (string) - - - - An extension of traditional DES, which eliminates the length limit, - increases the salt size, and makes the time cost tunable. - It originates with BSDI BSD/OS and is also available on at least NetBSD, - OpenBSD, and FreeBSD due to the use of David Burren's FreeSec library. - It is much better than traditional DES and bigcrypt, - but still should not be used for new hashes. - - - - - - CRYPT_PREFIX_MD5 - (string) - - - - A hash based on the MD5 algorithm, originally developed by Poul-Henning Kamp for FreeBSD. - Supported on most free Unixes and newer versions of Solaris. - Not as weak as the DES-based hashes below, - but MD5 is so cheap on modern hardware that it should not be used for new hashes. - Processing cost is not adjustable. - - - - - - CRYPT_PREFIX_BLOWFISH - (string) - - - - A hash based on the Blowfish block cipher, modified to have an extra-expensive key schedule. - Originally developed by Niels Provos and David Mazieres for OpenBSD and also supported on recent - versions of FreeBSD and NetBSD, on Solaris 10 and newer, and on several GNU/*/Linux distributions. - - - - - - CRYPT_PREFIX_SHA256 - (string) - - - - A hash based on SHA-2 with 256-bit output, originally developed by Ulrich Drepper for GNU libc. - Supported on Linux but not common elsewhere. - Acceptable for new hashes. - The default processing cost parameter is 5000, - which is too low for modern hardware. - - - - - - CRYPT_PREFIX_SHA512 - (string) - - - - A hash based on SHA-2 with 512-bit output, originally developed by Ulrich Drepper for GNU libc. - Supported on Linux but not common elsewhere. - Acceptable for new hashes. - The default processing cost parameter is 5000, - which is too low for modern hardware. - - - - - - CRYPT_PREFIX_SCRYPT - (string) - - - - Scrypt is a password-based key derivation function created by Colin Percival, - originally for the Tarsnap online backup service. - The algorithm was specifically designed to make it costly to perform - large-scale custom hardware attacks by requiring large amounts of memory. - In 2016, the scrypt algorithm was published by IETF as RFC 7914. - - - - - - CRYPT_PREFIX_GOST_YESCRYPT - (string) - - - - Gost-yescrypt uses the output from yescrypt as an input message to HMAC with the - GOST R 34.11-2012 (Streebog) hash function with a 256-bit digest. - Thus, yescrypt's cryptographic properties are superseded by those of the GOST hash function. - This hashing method is useful in applications that need modern passphrase hashing, - but have to rely on GOST algorithms. - The GOST R 34.11-2012 (Streebog) hash function has been published by the IETF as RFC 6986. - Acceptable for new hashes where required. - - - - - - CRYPT_PREFIX_YESCRYPT - (string) - - - - Yescrypt is a scalable passphrase hashing scheme designed by Solar Designer, - which is based on Colin Percival's scrypt. - While yescrypt's strength against password guessing attacks comes from its algorithm design, - its cryptographic security is guaranteed by its use of SHA-256 on the outer layer. - The SHA-256 hash function has been published by NIST in FIPS PUB 180-2 - (and its subsequent revisions such as FIPS PUB 180-4) and by the IETF as RFC 4634 - (and subsequently RFC 6234). - Recommended for new hashes. - - - - + + + CRYPT_PREFIX_STD_DES + (string) + + + + The original hashing method from Unix V7, based on the DES block cipher. + Because DES is cheap on modern hardware, + because there are only 4096 possible salts and 2**56 distinct passphrases, + which it truncates to 8 characters, + it is feasible to discover any passphrase hashed with this method. + It should only be used if you absolutely have to generate hashes that will + work on an old operating system that supports nothing else. + + + + + + CRYPT_PREFIX_EXT_DES + (string) + + + + An extension of traditional DES, which eliminates the length limit, + increases the salt size, and makes the time cost tunable. + It originates with BSDI BSD/OS and is also available on at least NetBSD, + OpenBSD, and FreeBSD due to the use of David Burren's FreeSec library. + It is much better than traditional DES and bigcrypt, + but still should not be used for new hashes. + + + + + + CRYPT_PREFIX_MD5 + (string) + + + + A hash based on the MD5 algorithm, originally developed by Poul-Henning Kamp for FreeBSD. + Supported on most free Unixes and newer versions of Solaris. + Not as weak as the DES-based hashes below, + but MD5 is so cheap on modern hardware that it should not be used for new hashes. + Processing cost is not adjustable. + + + + + + CRYPT_PREFIX_BLOWFISH + (string) + + + + A hash based on the Blowfish block cipher, modified to have an extra-expensive key schedule. + Originally developed by Niels Provos and David Mazieres for OpenBSD and also supported on recent + versions of FreeBSD and NetBSD, on Solaris 10 and newer, and on several GNU/*/Linux distributions. + + + + + + CRYPT_PREFIX_SHA256 + (string) + + + + A hash based on SHA-2 with 256-bit output, originally developed by Ulrich Drepper for GNU libc. + Supported on Linux but not common elsewhere. + Acceptable for new hashes. + The default processing cost parameter is 5000, + which is too low for modern hardware. + + + + + + CRYPT_PREFIX_SHA512 + (string) + + + + A hash based on SHA-2 with 512-bit output, originally developed by Ulrich Drepper for GNU libc. + Supported on Linux but not common elsewhere. + Acceptable for new hashes. + The default processing cost parameter is 5000, + which is too low for modern hardware. + + + + + + CRYPT_PREFIX_SCRYPT + (string) + + + + Scrypt is a password-based key derivation function created by Colin Percival, + originally for the Tarsnap online backup service. + The algorithm was specifically designed to make it costly to perform + large-scale custom hardware attacks by requiring large amounts of memory. + In 2016, the scrypt algorithm was published by IETF as RFC 7914. + + + + + + CRYPT_PREFIX_GOST_YESCRYPT + (string) + + + + Gost-yescrypt uses the output from yescrypt as an input message to HMAC with the + GOST R 34.11-2012 (Streebog) hash function with a 256-bit digest. + Thus, yescrypt's cryptographic properties are superseded by those of the GOST hash function. + This hashing method is useful in applications that need modern passphrase hashing, + but have to rely on GOST algorithms. + The GOST R 34.11-2012 (Streebog) hash function has been published by the IETF as RFC 6986. + Acceptable for new hashes where required. + + + + + + CRYPT_PREFIX_YESCRYPT + (string) + + + + Yescrypt is a scalable passphrase hashing scheme designed by Solar Designer, + which is based on Colin Percival's scrypt. + While yescrypt's strength against password guessing attacks comes from its algorithm design, + its cryptographic security is guaranteed by its use of SHA-256 on the outer layer. + The SHA-256 hash function has been published by NIST in FIPS PUB 180-2 + (and its subsequent revisions such as FIPS PUB 180-4) and by the IETF as RFC 4634 + (and subsequently RFC 6234). + Recommended for new hashes. + + + + Error codes - - - CRYPT_SALT_OK - (int) - - - + + + CRYPT_SALT_OK + (int) + + + No error. - - - - - - CRYPT_SALT_INVALID - (int) - - - + + + + + + CRYPT_SALT_INVALID + (int) + + + Unknown hashing method or invalid parameters. - - - - - - CRYPT_SALT_METHOD_DISABLED - (int) - - - + + + + + + CRYPT_SALT_METHOD_DISABLED + (int) + + + Hashing method is no longer allowed to be used. - - - - - - CRYPT_SALT_METHOD_LEGACY - (int) - - - + + + + + + CRYPT_SALT_METHOD_LEGACY + (int) + + + Hashing method is no longer considered strong enough. - - - - - - CRYPT_SALT_TOO_CHEAP - (int) - - - + + + + + + CRYPT_SALT_TOO_CHEAP + (int) + + + Cost parameters are considered too cheap. - - - - + + + + Password algorithms - - - PASSWORD_SHA512 - (string) - - - - PASSWORD_SHA512 is used to create new password - hashes using the CRYPT_SHA512 algorithm. - - - - - - PASSWORD_YESCRYPT - (string) - - - - PASSWORD_YESCRYPT is used to create new password - hashes using the CRYPT_YESCRYPT algorithm. - - - - + + + PASSWORD_SHA512 + (string) + + + + PASSWORD_SHA512 is used to create new password + hashes using the CRYPT_SHA512 algorithm. + + + + + + PASSWORD_YESCRYPT + (string) + + + + PASSWORD_YESCRYPT is used to create new password + hashes using the CRYPT_YESCRYPT algorithm. + + + +