From owner-freebsd-doc@FreeBSD.ORG Sun Jun 6 03:00:39 2004 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7FF8F16A4CE for ; Sun, 6 Jun 2004 03:00:39 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5ED1143D2D for ; Sun, 6 Jun 2004 03:00:39 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) i56A0dEI049644 for ; Sun, 6 Jun 2004 03:00:39 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i56A0dYW049643; Sun, 6 Jun 2004 03:00:39 -0700 (PDT) (envelope-from gnats) Resent-Date: Sun, 6 Jun 2004 03:00:39 -0700 (PDT) Resent-Message-Id: <200406061000.i56A0dYW049643@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-doc@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Brett Schroeder Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5667616A4CE for ; Sun, 6 Jun 2004 02:52:16 -0700 (PDT) Received: from Anapurna.brettschroeder.name (c-24-20-126-220.client.comcast.net [24.20.126.220]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE5F143D39 for ; Sun, 6 Jun 2004 02:52:15 -0700 (PDT) (envelope-from root@brettschroeder.name) Received: by Anapurna.brettschroeder.name (Postfix, from userid 0) id 8E9BAD33; Sun, 6 Jun 2004 02:52:52 -0700 (PDT) Message-Id: <20040606095252.8E9BAD33@Anapurna.brettschroeder.name> Date: Sun, 6 Jun 2004 02:52:52 -0700 (PDT) From: Brett Schroeder To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: docs/67624: Handbook incorrect about details of Blowfish encryption X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Brett Schroeder List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jun 2004 10:00:39 -0000 >Number: 67624 >Category: docs >Synopsis: Handbook incorrect about details of Blowfish encryption >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sun Jun 06 03:00:39 PDT 2004 >Closed-Date: >Last-Modified: >Originator: Brett Schroeder >Release: FreeBSD 4.10-STABLE i386 >Organization: >Environment: System: FreeBSD Anapurna.brettschroeder.name 4.10-STABLE FreeBSD 4.10-STABLE #0: Thu May 27 20:57:11 PDT 2004 brett@Anapurna.brettschroeder.name:/usr/obj/usr/src/sys/ANAPURNA i386 >Description: Section 10.4.1 of the Handbook (Recognizing your crypt mechanism) states that Blowfish encrypted passwords begin with $2$. This is incorrect, they begin with $2a$. Here's an example from my /etc/master.passwd (most of the encrypted password has been X'd out ;-) brett:$2a$04$8K21POXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1001:0::0:0:Brett Schroeder:/home/brett:/bin/csh vicki:$2a$04$hoMVJMXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1000:1000::0:0:Vicki Schroeder:/home/vicki:/bin/csh >How-To-Repeat: 1) Edit /etc/auth.conf to have crypt_default = blf # default = md5 des (not sure if this step is really necessary) 2) Edit /etc/login.conf to have :passwd_format=blf:\ # default = md5 3) Run cap_mkdb /etc/login.conf 4) Add a dummy user, take a look at /etc/master.passwd >Fix: --- chapter_original.sgml Sun Jun 6 02:13:05 2004 +++ chapter.sgml Sun Jun 6 02:13:29 2004 @@ -1031,7 +1031,7 @@ Passwords encrypted with the MD5 hash are longer than those encrypted with the DES hash and also begin with the characters $1$. Passwords starting with - $2$ are encrypted with the + $2a$ are encrypted with the Blowfish hash function. DES password strings do not have any particular identifying characteristics, but they are shorter than MD5 passwords, and are coded in a 64-character >Release-Note: >Audit-Trail: >Unformatted: