Date: Thu, 22 Oct 1998 09:03:55 -0700 (PDT) From: Doug White <dwhite@resnet.uoregon.edu> To: pam@polynet.lviv.ua Cc: Archie Cobbs <archie@whistle.com>, current@FreeBSD.ORG Subject: Re: [Q]: Buildworld without secure libs (to use MD5 passwords) Message-ID: <Pine.BSF.4.03.9810220900580.12898-100000@resnet.uoregon.edu> In-Reply-To: <19981022075652.22374.qmail@Guard.PolyNet.Lviv.UA>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 22 Oct 1998 pam@polynet.lviv.ua wrote: > I want to have option to build libdescrypt (one my system is DES- > enabled, and as far as I know no DES->MD5 migration is possible) > I know that libdescrypt can verify MD5 passwords but stores new one > in DES. Why libscrypt can't do the opposite?! Because libscrypt is DES-free for international distribution. Unfortunately FreeBSD is made in the US and we have perverse crypto export laws. Having a separate DES library lows us to split it out into it's own module/distribution that can be export-controlled. If you want new passwords stored in MD5 and still decrypt DES, you have to hack passwd to pass the MD5 magic '$1$' to the crypt() routine so it returns an MD5 key. It's a one line change; I'm highly tempted to make it a compile-time #define in the base code. Doug White Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve http://gladstone.uoregon.edu/~dwhite | www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.03.9810220900580.12898-100000>