From owner-freebsd-isp  Tue Feb 10 08:45:19 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA25717
          for freebsd-isp-outgoing; Tue, 10 Feb 1998 08:45:19 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from support.euronet.nl (support.euronet.nl [194.134.32.134])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA25699
          for <isp@freebsd.org>; Tue, 10 Feb 1998 08:45:12 -0800 (PST)
          (envelope-from beng@euronet.nl)
Received: (from beng@localhost) by support.euronet.nl (8.8.5/8.6.12) id RAA04045 for isp@freebsd.org; Tue, 10 Feb 1998 17:44:40 +0100 (CET)
Message-Id: <199802101644.RAA04045@support.euronet.nl>
Subject: Re: Passwords..
In-Reply-To: <Pine.BSF.3.96.980210170437.22575D-100000@datorn.teligent.se> from Jakob Alvermark at "Feb 10, 98 05:07:30 pm"
To: isp@FreeBSD.ORG
Date: Tue, 10 Feb 1998 17:44:40 +0100 (CET)
From: Benjamin Gras <ben@nl.euro.net>
X-Bad-Religion: Rules
X-Mailer: ELM [version 2.4ME+ PL31H (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi there,

> Is it possible to convert DES-encrypted passwords to MD5-encrypted 
> passwords? (linux to FreeBSD)

Don't count on it. Those functions (hashing functions) are designed
with the primary goal in mind being irreversibility, so a conversion
(short of brute force reversing) would depend on an obscure relation
between the two functions, allowing a conversion without reversing.
The establishment of the unlikelyhood of this Feature is left as an
exercise to the (really patient) reader :).

> How can linux use DES passwords outside the states? (Is linux breaking the
> law?)

Last I heard the DES-based password crypt(3) function is exportable because
DES isn't used as a cipher but as a hashing function. There's an important
difference, which you're encountering right now..

As for a practical solution (I'd say):
Why not make FreeBSD use the DES-based passwords, and patch login(1) to
hash (using MD5-style) the password when you've verified the plaintext
entered password is correct (by hashing it DES-style as login(1) will do),
writing it back into the (master.) passwd file? This way you can do the
conversion, in a way..

	=Ben



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message