From owner-freebsd-security  Tue Apr 21 11:14:48 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA03590
          for freebsd-security-outgoing; Tue, 21 Apr 1998 11:14:48 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gateman.zeus.leitch.com (gateman.zeus.leitch.com [204.187.61.193])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA03582
          for <freebsd-security@freebsd.org>; Tue, 21 Apr 1998 18:14:40 GMT
          (envelope-from woods@tap.zeus.leitch.com)
Received: from zeus.leitch.com (tap.zeus.leitch.com [204.187.61.10]) by gateman.zeus.leitch.com (8.8.5/8.7.3/1.0) with ESMTP id OAA25064 for <freebsd-security@freebsd.org>; Tue, 21 Apr 1998 14:14:37 -0400 (EDT)
Received: from brain.zeus.leitch.com (brain.zeus.leitch.com [204.187.61.32]) by zeus.leitch.com (8.7.5/8.7.3/1.0) with ESMTP id OAA03439 for <freebsd-security@freebsd.org>; Tue, 21 Apr 1998 14:14:38 -0400 (EDT)
Received: (from woods@localhost)
	by brain.zeus.leitch.com (8.8.8/8.8.8) id OAA23669;
	Tue, 21 Apr 1998 14:14:37 -0400 (EDT)
	(envelope-from woods@tap.zeus.leitch.com)
Date: Tue, 21 Apr 1998 14:14:37 -0400 (EDT)
Message-Id: <199804211814.OAA23669@brain.zeus.leitch.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: woods@zeus.leitch.com (Greg A. Woods)
To: freebsd-security@FreeBSD.ORG
Subject: Re: Using MD5 insted of DES for passwd ecnryption 
In-Reply-To: Mike Smith's message
	of "Tue, April 21, 1998 09:35:41 -0700"
	regarding "Re: Using MD5 insted of DES for passwd ecnryption "
	id <199804211635.JAA00416@dingo.cdrom.com>
References: <199804211532.LAA22702@brain.zeus.leitch.com>
	<199804211635.JAA00416@dingo.cdrom.com>
X-Mailer: VM 6.45 under Emacs 20.2.1
Reply-To: freebsd-security@FreeBSD.ORG
Organization: Planix, Inc.; Toronto, Ontario; Canada
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

[ On Tue, April 21, 1998 at 09:35:41 (-0700), Mike Smith wrote: ]
> Subject: Re: Using MD5 insted of DES for passwd ecnryption 
>
> > I think it should always be possible to statically link the whole system
> > if one so desires.  That's the one sure way to test if shared libraries
> > are causing any weirdness.
> 
> How are you supposed to load arbitrary (possibly third-party) 
> authentication modules if you have to have the source at build time?  
> That's stupid.

Maybe not the source, but at minimum the objects.  Any method of
run-time control over password encryption schemes should permit all
available schemes to be statically linked simultaneously into the
relevant binaries such that a run-time "switch" can select amongst those
that were available at link time.  Naturally adding more schemes
requires re-linking -- but that's neither surprising, nor upsetting.

-- 
							Greg A. Woods

+1 416 443-1734      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message