Date: Tue, 06 Mar 2001 11:10:03 +1100
From: Tony Landells <ahl@austclear.com.au>
To: Bill Moran <wmoran@iowna.com>
Cc: Mikko Tyolajarvi <mikko@dynas.se>, questions@FreeBSD.ORG
Subject: Re: SUN TO BSD
Message-ID: <200103060010.LAA00329@tungsten.austclear.com.au>
In-Reply-To: Message from Bill Moran <wmoran@iowna.com> of "Mon, 05 Mar 2001 18:50:40 CDT." <3AA4264F.7AF4B2A5@iowna.com>

The traditional UNIX password encryption takes a timestamp of when the password is set, and uses that as the "salt" (or seed) for the initial encryption. It then adds this salt to the encrypted string so it can be retrieved next time you want to check the password. This means that even if two users pick the same password it should look different because it was done at a different time.

By default FreeBSD uses MD5 for password encryption. Since this is a completely different algorithm, the encrypted string bears nothing more than a passing similarity to "traditionally" (DES) encrypted strings.

You have the option of getting FreeBSD to use DES encrypted passwords. If you do that, you can just cut and paste the password field from /etc/shadow on Solaris into /etc/master.password on FreeBSD.

Most UNIX systems use DES for passwords. I don't know why FreeBSD switched to MD5--possibly a lack of trust in DES, possibly because of stupid export laws. I'm sure someone else on the list will provide a definitive answer.

Cheers,
Tony

Bill Moran wrote:
> Mikko Tyolajarvi wrote:
> >
> > In local.freebsd.questions you write:
> > >I believe this has to do with the system default password encryption
> > >scheme. If both your Solaris & FreeBSD boxes are using the same
> > >encryption scheme you should see the same encrypted password. I've seen
> >
> > Nope. Password encryption schemes add a "salt" (12 bits for the
> > traditional DES version) to try to avoid passwords encrypting to the
> > same value -- otherwise dictionary attacks become a lot simpler.
>
> Straighten me out on this, then. (if you'd be so kind)
> Do all systems use different password math? If so, how does FreeBSD
> share its data with Solaris, Linux, et al via NIS? It couldn't be
> sending the passwords in cleartext, because they're not decryptable
> (right?) That would be insane anyway.
>
> I thought you had the option of using DES or MD5 for the password
> storage?
>
> Am I a little off in my understanding of this?

--
Tony Landells <ahl@austclear.com.au>
Senior Network Engineer                 Ph:  +61 3 9677 9319
Australian Clearing Services Pty Ltd    Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
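
The thread turns on whether a password field copied from Solaris is in a format the FreeBSD side understands. The following is an added example, not part of the original messages: it classifies password fields as traditional DES crypt (13 characters, first two are the salt) or MD5 crypt (`$1$salt$hash`) and decodes the 12-bit DES salt. The function names and sample entries are constructed for illustration.

```python
import re

# Alphabet used by crypt(3) for salt and hash characters, 6 bits each.
CRYPT64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MD5_RE = re.compile(r"^\$1\$([^$:]{1,8})\$([./0-9A-Za-z]{22})$")


def classify(field):
    """Return (scheme, salt) for one password field."""
    m = MD5_RE.match(field)
    if m:
        return ("md5", m.group(1))
    if DES_RE.match(field):
        return ("des", field[:2])      # salt is stored as the first 2 chars
    return ("other", None)             # locked, empty, or an unknown scheme


def des_salt_bits(salt):
    """Decode a 2-character DES salt into its 12-bit value.

    The first character holds the low 6 bits, as in classic crypt(3).
    """
    return CRYPT64.index(salt[0]) | (CRYPT64.index(salt[1]) << 6)


def audit(lines):
    """Map each user in shadow-style lines to (scheme, salt)."""
    report = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        report[user] = classify(field)
    return report


# Constructed sample entries; the hash characters are made up.
SAMPLE = [
    "alice:ab01234567890:11386::::::",
    "bob:zKabcdefghijk:11386::::::",
    "carol:$1$Xy7pQ2rs$abcdefghijklmnopqrstuv:11386::::::",
    "daemon:*LK*:::::::",
]

if __name__ == "__main__":
    for user, (scheme, salt) in audit(SAMPLE).items():
        print(user, scheme, salt)
```

Entries reported as `des` are in the format the message describes as portable between the two systems; `md5` entries only verify on a system whose crypt(3) supports the `$1$` scheme.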