Date:      Sat, 15 Feb 1997 02:48:33 +1100
From:      David Nugent <davidn@labs.usn.blaze.net.au>
To:        Warner Losh <imp@village.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: blowfish passwords in FreeBSD
Message-ID:  <19970215024833.30067@usn.blaze.net.au>
In-Reply-To: <E0vvHbl-00026f-00@rover.village.org>; from Warner Losh on Feb 02, 1997 at 11:58:56PM
References:  <E0vvHbl-00026f-00@rover.village.org>

On Feb 02, 1997 at 11:58:56PM, Warner Losh wrote:
> OpenBSD just committed a new encryption method using blowfish.  This
> has a much larger salt space as well as a much harder to break
> encryption scheme.  Preliminary indications are that it looks really
> good.  They implemented this much like md5, but with its own code.
> 
> I think we should bring this into FreeBSD.  What do others think?

The more the merrier. :-)

Wasn't there some discussion a while back about a way of
selecting the encryption type? And I don't mean by using the
current symlink method - I mean at runtime, perhaps as a
configurable option. The $n$ encoding would seem to be a good
way of decoding and recognising the correct decode routine,
but the ability of selecting and easily changing the system
default would be nice. Perhaps even adding to it.

BTW, I'm open to ideas on a configurable authentication system
as well. BSDI login.conf compatibility is no longer an option
since they've changed it twice and look like doing it again
for BSDI 3.1. So this opens up the discussion again for
perhaps a better design.

I looked at PAM in some depth recently and while it looks
interesting enough, I think it is an overkill. We can already
do most of what PAM can do via login.conf - actually, in a
nicer way imho, although it isn't as easy or simple to switch
modules at runtime as you can with PAM. I'm just a little
nervous about having an authentication system use something
that isn't simple *in principle*, and PAM is anything but that.


Regards,

David Nugent - Unique Computing Pty Ltd - Melbourne, Australia
Voice +61-3-9791-9547  Data/BBS +61-3-9792-3507  3:632/348@fidonet
davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/
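
Added example, not part of the original message and not FreeBSD's or OpenBSD's code: a sketch of the runtime selection discussed above, where verification dispatches on each stored hash's $n$ tag and the default for new passwords is changed by name. The scheme names, the table and the function names are hypothetical; the "$1$" (MD5) and "$2$" (Blowfish) tags are assumed from the modular crypt convention, and the hashing routines themselves are out of scope.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical scheme table. Tags "1" (MD5) and "2" (Blowfish) are assumed
 * from the modular crypt convention; a hash with no "$" is traditional DES. */
struct scheme { const char *name; const char *tag; };

static const struct scheme schemes[] = {
    { "md5", "1" },
    { "blf", "2" },
    { "des", NULL },                    /* untagged legacy format */
};
#define NSCHEMES (sizeof(schemes) / sizeof(schemes[0]))

static const struct scheme *default_scheme = &schemes[NSCHEMES - 1];

/* Select the routine for a stored hash from its $n$ tag. An unterminated,
 * empty or unknown tag returns NULL so the caller rejects the login instead
 * of silently treating the string as a DES hash. */
const struct scheme *scheme_for_hash(const char *hash)
{
    const char *end;
    size_t i, len;

    if (hash == NULL || hash[0] == '\0')
        return NULL;
    if (hash[0] != '$')
        return &schemes[NSCHEMES - 1];
    end = strchr(hash + 1, '$');
    if (end == NULL || end == hash + 1)
        return NULL;
    len = (size_t)(end - (hash + 1));
    for (i = 0; i < NSCHEMES; i++)
        if (schemes[i].tag != NULL && strlen(schemes[i].tag) == len &&
            strncmp(schemes[i].tag, hash + 1, len) == 0)
            return &schemes[i];
    return NULL;
}

/* Change the scheme used for newly set passwords at run time, e.g. from a
 * configuration file. Existing hashes still verify, because verification
 * dispatches on each hash's own tag, not on the default. */
int set_default_scheme(const char *name)
{
    size_t i;

    for (i = 0; i < NSCHEMES; i++)
        if (strcmp(schemes[i].name, name) == 0) {
            default_scheme = &schemes[i];
            return 0;
        }
    return -1;                          /* unknown name: default unchanged */
}

const char *default_scheme_name(void) { return default_scheme->name; }
```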