Date: Mon, 19 May 1997 13:35:45 +0300 (EEST) From: Andrew Stesin <stesin@gu.net> To: questions@freebsd.org, security@freebsd.org Subject: A quick question on dual-personality crypt(3) and passwd(1) Message-ID: <Pine.BSF.3.95q.970519131841.8543O-100000@trifork.gu.net>
next in thread | raw e-mail | index | archive | help
Hello, sorry if it's documented somewhere and I wasn't patient enough to dig it up and read myself; I have a question. What I did: 1. installed RELENG_2_2 system (got $1$-style crypt(3), Ok) 2. installed international-DES distribution over it, and what I got: -- if encrypted password is $1$-style, passwd(1) preserves this. -- if encrypted password is "plain old DES", brought from old BSD/OS system, passwd(1) preserves this, too. -- if the account is fresh new and/or has no password, passwd(1) does plain-DES encryption by default. That's not what I meant (and wanted to get)... I had an idea to bring in old passwd database from old system, old-DES-style; but have passwd(1) to use either $1$- or ext-DES ('_'-style) encryption later with no regard to whatever was used for this password earlier. So that old user will launch passwd(1), which in turn will understand her old DES password, but will replace it with the new one encrypted by a new encryption scheme. So the question: do I need to hack passwd(1) to get this done transparently? Or there are some other options around? And while here already, a call for expert opinions: which encryption scheme is considered to be harder to crack (with regard to UNIX passwords) -- $1$-style MD5 scheme or "extended DES", '_'-style scheme? Thanks for your time and attention! Best regards, Andrew Stesin nic-hdl: ST73-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970519131841.8543O-100000>