From owner-freebsd-security  Tue Jun 15 17:59:58 1999
Delivered-To: freebsd-security@freebsd.org
Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247])
	by hub.freebsd.org (Postfix) with ESMTP id 6DF041565E
	for <freebsd-security@FreeBSD.ORG>; Tue, 15 Jun 1999 17:59:49 -0700 (PDT)
	(envelope-from kkennawa@physics.adelaide.edu.au)
Received: from bragg (bragg [129.127.36.34])
	by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id KAA00915;
	Wed, 16 Jun 1999 10:29:47 +0930 (CST)
Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM)
	id AA04889; Wed, 16 Jun 1999 10:30:48 +0930
Date: Wed, 16 Jun 1999 10:30:48 +0930 (CST)
From: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
X-Sender: kkennawa@bragg
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc: Evren Yurtesen <yurtesen@ispro.net.tr>,
	Holtor <holtor@yahoo.com>, freebsd-security@FreeBSD.ORG
Subject: Re: DES & MD5? 
In-Reply-To: <5781.929494445@zippy.cdrom.com>
Message-Id: <Pine.OSF.4.10.9906161026010.862-100000@bragg>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 15 Jun 1999, Jordan K. Hubbard wrote:

> > So you can mix and match any passwords your crypt() knows how to parse. The
> > only problem is that standrd FreeBSD doesn't have a way to select which
> > password scheme you want: if you install the DES sources, you get DES
> > passwords, otherwise MD5, for your new passwords.
> > 
> 
> While certainly in the category of "evil temporary hack", I can say
> that /etc/auth.conf makes the above statement somewhat incorrect. :)

This isn't used currently, is it? I thought the support for that was removed
when the previous password changes back in January were backed out.

My patches I've been talking about add two login.conf capabilities:
localcipher and localcipherrounds, which determine the format of new passwords
(localcipherrounds is for things like blowfish and "New"-DES passwords which
have variable number of rounds. New-DES is the improved version of the DES
hashing algorithm which has been in the code forever, but #ifdef'ed out.)

So you can have a separate login class for users you want to share passwords
with your Sun boxes (old-DES format), have everyone else with SHA-1 passwords
and have the root password as 2^10-round blowfish, if you wish.

Kris

> 
> - Jordan
> 

-----
"Never criticize anybody until you have walked a mile in their shoes,
because by that time you will be a mile away and have their shoes."
    -- Unknown



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message