From owner-freebsd-security  Tue Jun 15 17:32:42 1999
Delivered-To: freebsd-security@freebsd.org
Received: from aic-gw.mlink.net (aic-gw.mlink.net [209.104.118.65])
	by hub.freebsd.org (Postfix) with SMTP id 824F41504F
	for <freebsd-security@FreeBSD.ORG>; Tue, 15 Jun 1999 17:32:18 -0700 (PDT)
	(envelope-from matt@AIC-GW.MLINK.NET)
Received: (qmail 53181 invoked by uid 1000); 16 Jun 1999 00:32:10 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 16 Jun 1999 00:32:10 -0000
Date: Tue, 15 Jun 1999 20:32:10 -0400 (EDT)
From: matt <matt@AIC-GW.MLINK.NET>
To: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
Cc: Evren Yurtesen <yurtesen@ispro.net.tr>,
	Holtor <holtor@yahoo.com>, freebsd-security@FreeBSD.ORG
Subject: Re: DES & MD5?
In-Reply-To: <Pine.OSF.4.10.9906160933130.22473-100000@bragg>
Message-ID: <Pine.BSF.4.10.9906152029520.53167-100000@aic-gw.mlink.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 16 Jun 1999, Kris Kennaway wrote:

: On Tue, 15 Jun 1999, Evren Yurtesen wrote:
: 
: > I think when you use MD5 or DES you can still have different kind of
: > passwords in your password file.

Thankfully Yes.. I'll explain more later on down the mail.
 
: You can. crypt() checks whether it's being passed a salt of the form
: $1$...$, and if so, passes it to crypt_md5(), otherwise considers it as a DES
: salt and sends it to crypt_des() (if DES support is compiled in).

I mistakening installed 3.2 with DES so it was making DES passwords
instead of MD5 passwords, I happen to prefere MD5, so I just redid the
symlinks on libcrypt* from libdescrypt to libscrypt... etc.. worked nicely
back to MD5
 
: So you can mix and match any passwords your crypt() knows how to parse. The
: only problem is that standrd FreeBSD doesn't have a way to select which
: password scheme you want: if you install the DES sources, you get DES
: passwords, otherwise MD5, for your new passwords.

We really should look at something like OpenBSD's password system, they
really do have a bloody amazing password and encryption scheme..

: Kris

Matt
 
: -----
: "Never criticize anybody until you have walked a mile in their shoes,
: because by that time you will be a mile away and have their shoes."
:     -- Unknown

--
matt@AIC-GW.MLINK.NET




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message