Date: Sun, 6 Jun 2004 02:52:52 -0700 (PDT)
From: Brett Schroeder <brett@brettschroeder.name>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: docs/67624: Handbook incorrect about details of Blowfish encryption
Message-ID: <20040606095252.8E9BAD33@Anapurna.brettschroeder.name>
Resent-Message-ID: <200406061000.i56A0dYW049643@freefall.freebsd.org>

>Number:         67624
>Category:       docs
>Synopsis:       Handbook incorrect about details of Blowfish encryption
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 06 03:00:39 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Brett Schroeder
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
>Environment:
System: FreeBSD Anapurna.brettschroeder.name 4.10-STABLE FreeBSD 4.10-STABLE #0: Thu May 27 20:57:11 PDT 2004 brett@Anapurna.brettschroeder.name:/usr/obj/usr/src/sys/ANAPURNA i386

>Description:
Section 10.4.1 of the Handbook (Recognizing your crypt mechanism) states
that Blowfish encrypted passwords begin with $2$. This is incorrect, they
begin with $2a$. Here's an example from my /etc/master.passwd (most of the
encrypted password has been X'd out ;-)

brett:$2a$04$8K21POXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1001:0::0:0:Brett Schroeder:/home/brett:/bin/csh
vicki:$2a$04$hoMVJMXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1000:1000::0:0:Vicki Schroeder:/home/vicki:/bin/csh

>How-To-Repeat:
1) Edit /etc/auth.conf to have
        crypt_default = blf     # default = md5 des
   (not sure if this step is really necessary)
2) Edit /etc/login.conf to have
        :passwd_format=blf:\    # default = md5
3) Run cap_mkdb /etc/login.conf
4) Add a dummy user, take a look at /etc/master.passwd

>Fix:

--- chapter_original.sgml Sun Jun 6 02:13:05 2004 +++ chapter.sgml Sun Jun 6 02:13:29 2004
@@ -1031,7 +1031,7 @@ Passwords encrypted with the MD5 hash are longer than those encrypted with the DES hash and also begin with the characters <literal>$1$</literal>. Passwords starting with - <literal>$2$</literal> are encrypted with the + <literal>$2a$</literal> are encrypted with the Blowfish hash function. DES password strings do not have any particular identifying characteristics, but they are shorter than MD5 passwords, and are coded in a 64-character >Release-Note: >Audit-Trail: >Unformatted:
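Review bot: The file headers name only chapter_original.sgml and chapter.sgml with no directory, so the patch does not identify which chapter file it applies to; the report text points at Handbook section 10.4.1, and regenerating the diff from the doc tree root against the committed file would let it apply without guesswork. The one-line replacement of $2$ with $2a$ agrees with the two $2a$04$ entries quoted in the report. Those entries also show a two-digit field between the prefix and the rest of the string, so the sentence could mention that a cost field follows $2a$, which keeps readers from expecting the hash to start right after the prefix.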