From owner-freebsd-security Tue Jun 15 0: 9:52 1999 Delivered-To: freebsd-security@freebsd.org Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247]) by hub.freebsd.org (Postfix) with ESMTP id 6D8C014CF3 for ; Tue, 15 Jun 1999 00:09:40 -0700 (PDT) (envelope-from kkennawa@physics.adelaide.edu.au) Received: from bragg (bragg [129.127.36.34]) by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id QAA27175; Tue, 15 Jun 1999 16:39:39 +0930 (CST) Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM) id AA26137; Tue, 15 Jun 1999 16:40:54 +0930 Date: Tue, 15 Jun 1999 16:40:54 +0930 (CST) From: Kris Kennaway X-Sender: kkennawa@bragg To: Warner Losh Cc: Holtor , freebsd-security@freebsd.org Subject: Re: DES & MD5? In-Reply-To: <199906150704.BAA90853@harmony.village.org> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 15 Jun 1999, Warner Losh wrote: > : In reality of course, it's better to be safe and use strong password methods > : even when they 'should' not be needed by virtue of the password file being > : hidden. > > This is of course true. > > However, IIRC, the pain to do this is high. Where does it hurt? I can imagine if you were trying to share your password files between e.g. Suns, but if you want to have MD5 passwords when you have the DES sources installed it's just a simple hack to crypt.c AFAIK. Kris > > Warner > ----- "Never criticize anybody until you have walked a mile in their shoes, because by that time you will be a mile away and have their shoes." -- Unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message