Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 11 Feb 2002 17:56:01 +0200
From:      Peter Pentchev <roam@ringlet.net>
To:        Varshavchick Alexander <alex@metrocom.ru>
Cc:        questions@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject:   Re: crypt function
Message-ID:  <20020211175601.B30217@straylight.oblivion.bg>
In-Reply-To: <Pine.GSO.4.21.0202111849080.5924-100000@apache.metrocom.ru>; from alex@metrocom.ru on Mon, Feb 11, 2002 at 06:50:10PM %2B0300
References:  <20020211174815.A30217@straylight.oblivion.bg> <Pine.GSO.4.21.0202111849080.5924-100000@apache.metrocom.ru>

next in thread | previous in thread | raw e-mail | index | archive | help

--ZfOjI3PrQbgiZnxM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Feb 11, 2002 at 06:50:10PM +0300, Varshavchick Alexander wrote:
> On Mon, 11 Feb 2002, Peter Pentchev wrote:
>=20
> > Date: Mon, 11 Feb 2002 17:48:15 +0200
> > From: Peter Pentchev <roam@ringlet.net>
> > To: Varshavchick Alexander <alex@metrocom.ru>
> > Cc: questions@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
> > Subject: Re: crypt function
> >=20
> > On Mon, Feb 11, 2002 at 06:40:52PM +0300, Varshavchick Alexander wrote:
> > > Hi,
> > >=20
> > > Here is one more problem: after installing the new 4.5 libraries,
> > > crypt() started encrypting not the way it was doing so before the upg=
rade,
> > > for example:
> > >=20
> > > The correct value for encrypted password: 	5jbleTVRurM2Y
> > > The value for this password after the upgrade: 	$1$5jbleTVR$TqxKtkw51=
R3tPSGDexK.a1
> > >=20
> > > So it evidently uses some other mechanism now, how can it be solved?
> >=20
> > It uses MD5 encryption by default.  Is this a problem for any
> > of the installed programs?  They should generally "just work".
> >=20
> > If you are indeed having trouble, edit /etc/auth.conf and change
> > the crypt_default to 'des'.
>=20
> So can you say by first glance, is it true that the short form
> (5jbleTVRurM2Y) used md5, and the current form
> ($1$5jbleTVR$TqxKtkw51R3tPSGDexK.a1) is using des?

No, the other way 'round.  The DES password encryption generates 13-charact=
er
passwords, with the salt in the first two characters.  MD5-encrypted
passwords are generally much longer, starting with $1 (encryption method 1),
continuing with $salt$ and then the encrypted password.

What I am saying is, you may set crypt_default =3D des and let crypt(3)
generate DES-encrypted passwords, if this is what your programs expect.
login(1), PAM and the rest of the base system utilities should have
no trouble dealing with the new format of passwords in /etc/master.password,
so setting crypt_default is generally not needed, unless you are really
having problems with programs generating DES passwords and comparing them
against MD5-encoded ones.

G'luck,
Peter

--=20
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If there were no counterfactuals, this sentence would not have been paradox=
ical.

--ZfOjI3PrQbgiZnxM
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjxn6ZEACgkQ7Ri2jRYZRVPZwQCeKBHo2FTYeewreeXzMm5DSOd3
z6IAnAvdRipfaDGkegd86n8oej5c/M1k
=7Ctz
-----END PGP SIGNATURE-----

--ZfOjI3PrQbgiZnxM--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020211175601.B30217>