Hi All,
I'm writing to introduce myself in relation to my recent submission.
I've created bug 991314 (
https://bugzilla.redhat.com/show_bug.cgi?id=991314) in
relation to my scrypt library. Password compromises have become a major public issue
recently, and in the case of most of the developers I've talked to - they simply use
what's easily accessible to them.
For those who haven't seen it, scrypt was developed and documented here:
http://www.tarsnap.com/scrypt.html. In short, it's a password hashing algorithm
designed to be not only "CPU hard", as is exemplified with PBKDF2, but also
"memory hard". This creates difficulties for crackers using low memory FPGAs,
and clusters of cheap devices.
The library was picked up without my involvement for review in Debian, and has been
accepted into FreeBSD ports. By continuing this trend into Fedora we can encourage the
development of more secure platforms.
My coding style focuses heavily on portable, reliable code, and avoids unnecessary
features. You can see my typical testing process for libscrypt here, on which I will be
shortly adding Fedora 19 and FreeBSD:
http://www.lolware.net/libscrypttesting.txt
The website for my library is
http://www.lolware.net/libscrypt.html
And technical documentation is in the README, best seen here:
https://github.com/technion/libscrypt
Based on the above, I'd very much appreciate a sponsor to get my software packaged.
I am however - new the building a .spec file, and welcome any criticism related to it.
Joshua Small