From owner-freebsd-security  Tue Jun 15 18:20:30 1999
Delivered-To: freebsd-security@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228])
	by hub.freebsd.org (Postfix) with ESMTP id 77DA7150F6
	for <freebsd-security@FreeBSD.ORG>; Tue, 15 Jun 1999 18:20:27 -0700 (PDT)
	(envelope-from jkh@zippy.cdrom.com)
Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1])
	by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id SAA05878;
	Tue, 15 Jun 1999 18:21:41 -0700 (PDT)
	(envelope-from jkh@zippy.cdrom.com)
To: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
Cc: Evren Yurtesen <yurtesen@ispro.net.tr>,
	Holtor <holtor@yahoo.com>, freebsd-security@FreeBSD.ORG
Subject: Re: DES & MD5? 
In-reply-to: Your message of "Wed, 16 Jun 1999 10:30:48 +0930."
             <Pine.OSF.4.10.9906161026010.862-100000@bragg> 
Date: Tue, 15 Jun 1999 18:21:41 -0700
Message-ID: <5874.929496101@zippy.cdrom.com>
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It still works, thought a login.conf based scheme would certainly
eliminate an extra file.  Go for it. :)

> On Tue, 15 Jun 1999, Jordan K. Hubbard wrote:
> 
> > > So you can mix and match any passwords your crypt() knows how to parse. T
he
> > > only problem is that standrd FreeBSD doesn't have a way to select which
> > > password scheme you want: if you install the DES sources, you get DES
> > > passwords, otherwise MD5, for your new passwords.
> > > 
> > 
> > While certainly in the category of "evil temporary hack", I can say
> > that /etc/auth.conf makes the above statement somewhat incorrect. :)
> 
> This isn't used currently, is it? I thought the support for that was removed
> when the previous password changes back in January were backed out.
> 
> My patches I've been talking about add two login.conf capabilities:
> localcipher and localcipherrounds, which determine the format of new password
s
> (localcipherrounds is for things like blowfish and "New"-DES passwords which
> have variable number of rounds. New-DES is the improved version of the DES
> hashing algorithm which has been in the code forever, but #ifdef'ed out.)
> 
> So you can have a separate login class for users you want to share passwords
> with your Sun boxes (old-DES format), have everyone else with SHA-1 passwords
> and have the root password as 2^10-round blowfish, if you wish.
> 
> Kris
> 
> > 
> > - Jordan
> > 
> 
> -----
> "Never criticize anybody until you have walked a mile in their shoes,
> because by that time you will be a mile away and have their shoes."
>     -- Unknown
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message