From owner-freebsd-security  Fri Feb 14 11:24:08 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id LAA25469
          for security-outgoing; Fri, 14 Feb 1997 11:24:08 -0800 (PST)
Received: from grackle.grondar.za (8t4c8Xiq/cPn8HFYbswzZFsHNPL+WA25@grackle.grondar.za [196.7.18.131])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA25417
          for <security@freebsd.org>; Fri, 14 Feb 1997 11:24:01 -0800 (PST)
Received: from grackle.grondar.za (fenPMqkpI2FSVH8sAFmQHeT2W/SgiGzb@localhost [127.0.0.1])
          by grackle.grondar.za (8.8.5/8.8.4) with ESMTP
	  id VAA18249; Fri, 14 Feb 1997 21:23:10 +0200 (SAT)
Message-Id: <199702141923.VAA18249@grackle.grondar.za>
X-Mailer: exmh version 2.0gamma 1/27/96
To: Poul-Henning Kamp <phk@critter.dk.tfs.com>
cc: security@freebsd.org
Subject: Re: blowfish passwords in FreeBSD 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 14 Feb 1997 21:23:05 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Poul-Henning Kamp wrote:
> In message <E0vvHbl-00026f-00@rover.village.org>, Warner Losh writes:
> >
> >OpenBSD just committed a new encryption method using blowfish.  This
> >has a much larger salt space as well as a much harder to break
> >encryption scheme.  Preliminary indications are that it looks really
> >good.  They implemented this much like md5, but with its own code.
> >
> >I think we should bring this into FreeBSD.  What do others think?
> 
> We already have a submission for SSH (?) passwords in a PR, they
> should be merged and documented.

You mean SHA (secure hash algorithm). I have this FreeBSD ready.

This method expands on PHK's MD5 passwd(5) scheme where an encrypted
passwd that is not DES looks like $n$sssss$pppppppppp.
Where

  n is a number 1=MD5
                2=SHA
                3-??=<unassigned>
  sssss is salt
  ppppppppp is the encrypred passwd.

The code has hooks to make it extensible for other hash types.

How does the OpenBSD Blowfish method fit into _that_?

FWIW, our _current_ DES passwd scheme has a method that extends the
salt dramatically. (this is documented). if the salt begins with an
"_" underscore char, then the next 8 (!) chars are salt. They are
(sort of) uudecoded to provide two 24 bit numbers. One is common-or-
garden salt, the other is iteration count. You want someone to work
hard do crack your password? Set the count high.

Look in the secure/lib/libcrypt/test dir for test code and check
out the secure crypt(3) manpage for docs.

M 
--
Mark Murray                PGP key fingerprint = 80 36 6E 40 83 D6 8A 36
This .sig is umop ap!sdn.                        BC 06 EA 0E 7A F2 CE CE