From owner-freebsd-current  Thu Oct 22 09:04:44 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA14758
          for freebsd-current-outgoing; Thu, 22 Oct 1998 09:04:44 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA14753
          for <current@freebsd.org>; Thu, 22 Oct 1998 09:04:43 -0700 (PDT)
          (envelope-from dwhite@resnet.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by resnet.uoregon.edu (8.8.8/8.8.8) with ESMTP id JAA17225;
          Thu, 22 Oct 1998 09:03:56 -0700 (PDT)
          (envelope-from dwhite@resnet.uoregon.edu)
Date: Thu, 22 Oct 1998 09:03:55 -0700 (PDT)
From: Doug White <dwhite@resnet.uoregon.edu>
To: pam@polynet.lviv.ua
cc: Archie Cobbs <archie@whistle.com>, current@FreeBSD.ORG
Subject: Re: [Q]: Buildworld without secure libs (to use MD5 passwords)
In-Reply-To: <19981022075652.22374.qmail@Guard.PolyNet.Lviv.UA>
Message-ID: <Pine.BSF.4.03.9810220900580.12898-100000@resnet.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 22 Oct 1998 pam@polynet.lviv.ua wrote:

> I want to have option to build libdescrypt (one my system is DES-
> enabled, and as far as I know no DES->MD5 migration is possible)
> I know that libdescrypt can verify MD5 passwords but stores new one 
> in DES. Why libscrypt can't do the opposite?!

Because libscrypt is DES-free for international distribution.
Unfortunately FreeBSD is made in the US and we have perverse crypto export
laws.  Having a separate DES library lows us to split it out into it's own
module/distribution that can be export-controlled.

If you want new passwords stored in MD5 and still decrypt DES, you have to
hack passwd to pass the MD5 magic '$1$' to the crypt() routine so it
returns an MD5 key.   It's a one line change; I'm highly tempted to make
it a compile-time #define in the base code.

Doug White                               
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message