From owner-freebsd-security  Sun May 26 10:47:46 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA06181
          for security-outgoing; Sun, 26 May 1996 10:47:46 -0700 (PDT)
Received: from groovy.dreaming.org (groovy.dreaming.org [204.92.5.69])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA06176
          for <freebsd-security@freebsd.org>; Sun, 26 May 1996 10:47:40 -0700 (PDT)
Received: (from batsy@localhost) by groovy.dreaming.org (8.6.12/8.6.12) id NAA01968; Sun, 26 May 1996 13:54:51 -0400
Date: Sun, 26 May 1996 13:54:51 -0400 (EDT)
From: jamie <batsy@groovy.dreaming.org>
X-Sender: batsy@groovy.dreaming.org
To: freebsd-security@freebsd.org
Subject: md5
Message-ID: <Pine.BSF.3.91.960526134808.1901B-100000@groovy.dreaming.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


I have recently heard rumors of an md5 library for Crack. I have a small 
number of users on my system (20'ish) and all are ...well...users in the 
sense that I give them an initial passwd to get to their accounts and 
they ask me if I can just set it to their userid so they can remember it. 
I have told them how to change their passwds but I am suspicious that 
they are using insecure passwds. I haven't implemented cracklib but I am 
warey that if there is an md5 plug-in for crack, the shadow passwd system 
is only a minimal defense (unshadow.c). If anyone knows where to find a 
doc or a package I would be very interested in hearing about it.
Thanks,
-jamie reid