From owner-freebsd-questions@FreeBSD.ORG Wed Nov 12 06:52:29 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3871316A4CE for ; Wed, 12 Nov 2003 06:52:29 -0800 (PST) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0AA8043FCB for ; Wed, 12 Nov 2003 06:52:27 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [127.0.0.1]) hACEqBkr023167 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 12 Nov 2003 14:52:15 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)id hACEqBpt023166; Wed, 12 Nov 2003 14:52:11 GMT (envelope-from matthew) Date: Wed, 12 Nov 2003 14:52:11 +0000 From: Matthew Seaman To: Oles Hnatkevych Message-ID: <20031112145211.GA22738@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , Oles Hnatkevych , freebsd-questions@freebsd.org References: <102687543915.20031112132335@alfabank.kiev.ua> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ikeVEW9yuYc//A+q" Content-Disposition: inline In-Reply-To: <102687543915.20031112132335@alfabank.kiev.ua> User-Agent: Mutt/1.5.5.1i X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=ham version=2.60 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-questions@freebsd.org Subject: Re: md5/des ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Nov 2003 14:52:29 -0000 --ikeVEW9yuYc//A+q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 12, 2003 at 01:23:35PM +0200, Oles Hnatkevych wrote: > /usr/bin/passwd does my passwords MD5 encrypted (accordingly to /etc/logi= n.conf) > But /usr/sbin/adduser creates users with DES encrypted passwords. > How do I make it use MD5 instead of DES? Seems like it's perls crypt() > problem, and the DES is the default... It's not the perl crypt() function, as that just mirrors the behaviour of the underlying libc crypt(3) function. Try these commands and you'll see how things work: Traditional DES: % perl -le 'print crypt("password", "xx")' Extended DES: % perl -le 'print crypt("password", "_xx")' Modular ($1$ =3D> MD5) % perl -le 'print crypt("password", "\$1\$xx")' ie. The format of the salt supplied to crypt controls the algorithm used. You're right however that the adduser(8) command will always generate a DES encrypted password hash. Unfortunately it's programmed so that it can't do anything else -- plus it uses srand() on a combination of the PID, the date and some other data to seed the RNG, which used to be a reasonable idea, but now that we have /dev/random is much less so. Use 'pw useradd' command instead. See pw(8) -- this is a much more capable program for manipulating user and group accounts, and it doesn't suffer from the drawbacks you've noted. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --ikeVEW9yuYc//A+q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/skkbdtESqEQa7a0RAipxAJ9Bui/PiQ4G1trD74Ta5kInxOeE5wCeKO6W /1Ut2JkQJbQBJGCjK/ZmsEw= =Ere7 -----END PGP SIGNATURE----- --ikeVEW9yuYc//A+q--