From owner-freebsd-questions@FreeBSD.ORG Sat Apr 16 12:53:35 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6915216A4CE for ; Sat, 16 Apr 2005 12:53:35 +0000 (GMT) Received: from makeworld.com (makeworld.com [216.201.118.142]) by mx1.FreeBSD.org (Postfix) with ESMTP id C972B43D1D for ; Sat, 16 Apr 2005 12:53:34 +0000 (GMT) (envelope-from racerx@makeworld.com) Received: from localhost (localhost.com [127.0.0.1]) by makeworld.com (Postfix) with ESMTP id 2EB9560E8 for ; Sat, 16 Apr 2005 07:53:33 -0500 (CDT) Received: from makeworld.com ([127.0.0.1]) by localhost (makeworld.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 41472-03 for ; Sat, 16 Apr 2005 07:53:30 -0500 (CDT) Received: from [216.201.118.138] (racerx.makeworld.com [216.201.118.138]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by makeworld.com (Postfix) with ESMTP id B952260D4 for ; Sat, 16 Apr 2005 07:53:22 -0500 (CDT) Message-ID: <42610AC3.4090202@makeworld.com> Date: Sat, 16 Apr 2005 07:53:23 -0500 From: Chris User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050414) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <1197988274.20050416123145@wanadoo.fr> In-Reply-To: <1197988274.20050416123145@wanadoo.fr> X-Enigmail-Version: 0.91.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: by ClamAV 0.75.1/amavisd-new-2.2.1 (20041222) at makeworld.com - Isn't it ironic Subject: Re: Encryption of login passwords--where and how is it done? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: racerx@makeworld.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Apr 2005 12:53:35 -0000 Anthony Atkielski wrote: ... > I'd like to think that a 128-byte password consisting of > random words and special characters would be just as secure as a > shorter, completely random password, but that's only true if FreeBSD is > hashing the entire 128-byte string in some cryptographically secure way > in order to produce an encrypt password that is a function of every bit > of the plaintext password. > Ummm - Somehow, somewhere, I was always taught that the longer the password, the better. So, how can a short passward (say 10 bytes) be as secure as a 128 byte? Let's see - would I rather walk a block for a glass of water or walk a mile? Oh hush you people - I know what you're gonna say - why walk when you can drive. -- Best regards, Chris Everybody's gotta be someplace.