Recently, Adobe was hacked, resulting in, among other damage, the loss of 130 million passwords. It was revealed that the passwords were encrypted using ECB (electronic codebook) mode, which is a rather poor way of securing passwords.
The MacRumors forum site was also hacked recently. The site runs the vBulletin forumware, which protects passwords using md5crypt.
md5crypt is a password hashing scheme devised by Poul-Henning Kamp in 1995. The hashed password takes the format $1$<salt>$<password-hash>. The hash is designed to be expensive to compute, to slow down attacks. In 2012, Poul-Henning announced that md5crypt was no longer considered safe, in view of advances in computing power.
sha-crypt, from Ulrich Drepper, is a public domain implementation of SHA-256/512-based password hashing. It works similarly to md5crypt, but uses SHA-256/512 and allows an arbitrary number of rounds through the hashing algorithm.
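An added example (not from the original post and not part of sha-crypt): a Python check that parses stored $1$, $5$ and $6$ strings and flags md5crypt entries or low round counts. The $5$/$6$ identifiers, the rounds= field and the round limits follow the sha-crypt specification; the min_rounds policy value and the sample strings are assumptions constructed for illustration.

```python
import re

# id -> (name, max salt length, encoded digest length) for md5crypt and sha-crypt
SCHEMES = {"1": ("md5crypt", 8, 22),
           "5": ("sha256crypt", 16, 43),
           "6": ("sha512crypt", 16, 86)}
# Round limits defined by the sha-crypt specification
ROUNDS_DEFAULT, ROUNDS_MIN, ROUNDS_MAX = 5000, 1000, 999_999_999
PATTERN = re.compile(
    r"\$([156])\$(?:rounds=(\d+)\$)?([^$]{0,16})\$([./0-9A-Za-z]+)")


def parse_crypt(stored):
    """Split a stored hash into its fields; raise ValueError if malformed."""
    m = PATTERN.fullmatch(stored)
    if m is None:
        raise ValueError("not an md5crypt or sha-crypt string")
    ident, rounds, salt, digest = m.groups()
    name, salt_max, digest_len = SCHEMES[ident]
    if len(salt) > salt_max or len(digest) != digest_len:
        raise ValueError(f"bad salt or digest length for {name}")
    if ident == "1":
        if rounds is not None:
            raise ValueError("md5crypt has no rounds field")
        rounds = 1000  # md5crypt's iteration count is fixed
    else:
        rounds = ROUNDS_DEFAULT if rounds is None else int(rounds)
        if not ROUNDS_MIN <= rounds <= ROUNDS_MAX:
            raise ValueError("rounds outside the range sha-crypt accepts")
    return {"scheme": name, "rounds": rounds, "salt": salt, "digest": digest}


def audit(stored, min_rounds=100_000):
    """Return findings for one hash; min_rounds is a hypothetical site policy."""
    info = parse_crypt(stored)
    if info["scheme"] == "md5crypt":
        return ["md5crypt: declared unsafe by its author, rehash on next login"]
    if info["rounds"] < min_rounds:
        return [f"{info['scheme']}: {info['rounds']} rounds, policy is {min_rounds}"]
    return []


# Constructed sample values: the digests are filler, not real hashes
SAMPLES = ["$1$saltsalt$" + "A" * 22,
           "$5$shortsalt$" + "C" * 43,
           "$6$rounds=100000$constructedsalt1$" + "B" * 86]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:20] + "...", audit(sample))
```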
The following commands build and run sha(256|512)crypt.c as self-test programs:
Next, build the shared library:
Move the .so or .dylib file to where your plugins are.
PCPasswordCrypt is a Smalltalk interface to libshacrypt using NativeBoost. It is very simple to use:
Tested on OS X (Mountain Lion) and Linux (Mint 14). The C programs work on FreeBSD, but my self-built FreeBSD Cog VM doesn't have NativeBoost.