Date: Mon, 19 May 1997 13:35:45 +0300 (EEST) From: Andrew Stesin <stesin@gu.net> To: questions@freebsd.org, security@freebsd.org Subject: A quick question on dual-personality crypt(3) and passwd(1) Message-ID: <Pine.BSF.3.95q.970519131841.8543O-100000@trifork.gu.net>
next in thread | raw e-mail | index | archive | help
Hello,
sorry if it's documented somewhere and I wasn't patient
enough to dig it up and read myself; I have a question.
What I did:
1. installed RELENG_2_2 system (got $1$-style crypt(3), Ok)
2. installed international-DES distribution over it,
and what I got:
-- if encrypted password is $1$-style, passwd(1) preserves this.
-- if encrypted password is "plain old DES", brought from
old BSD/OS system, passwd(1) preserves this, too.
-- if the account is fresh new and/or has no password,
passwd(1) does plain-DES encryption by default.
That's not what I meant (and wanted to get)... I had an idea to
bring in old passwd database from old system, old-DES-style; but have
passwd(1) to use either $1$- or ext-DES ('_'-style) encryption
later with no regard to whatever was used for this password earlier.
So that old user will launch passwd(1), which in turn will understand
her old DES password, but will replace it with the new one
encrypted by a new encryption scheme.
So the question: do I need to hack passwd(1) to get this done
transparently? Or there are some other options around?
And while here already, a call for expert opinions: which encryption scheme is
considered to be harder to crack (with regard to UNIX passwords) --
$1$-style MD5 scheme or "extended DES", '_'-style scheme?
Thanks for your time and attention!
Best regards,
Andrew Stesin
nic-hdl: ST73-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970519131841.8543O-100000>