From owner-freebsd-security  Fri May 29 23:53:53 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA03914
          for freebsd-security-outgoing; Fri, 29 May 1998 23:53:53 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gjp.erols.com (alex-va-n008c243.moon.jic.com [206.156.18.253])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA03902
          for <freebsd-security@freebsd.org>; Fri, 29 May 1998 23:53:45 -0700 (PDT)
          (envelope-from gjp@gjp.erols.com)
Received: from gjp.erols.com (localhost.erols.com [127.0.0.1])
	by gjp.erols.com (8.8.8/8.8.7) with ESMTP id CAA20838;
	Sat, 30 May 1998 02:52:25 -0400 (EDT)
	(envelope-from gjp@gjp.erols.com)
To: "J.A. Terranson" <sysadmin@mfn.org>
cc: Open Systems Networking <opsys@mail.webspan.net>,
        Cory Kempf <ckempf@enigami.com>,
        "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
Subject: Re: MD5 v. DES? 
In-reply-to: Your message of "Sat, 30 May 1998 01:43:54 CDT."
             <01BD8B6C.68192890@w3svcs.mfn.org> 
Date: Sat, 30 May 1998 02:52:25 -0400
Message-ID: <20834.896511145@gjp.erols.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"J.A. Terranson" wrote in message ID
<01BD8B6C.68192890@w3svcs.mfn.org>:
> 
> Actually, this question is nonsensical, as MD5 and DES are
> two *entirely* different things.

Err, actually I think you are missing some context.

FreeBSD can use either MD5 or DES passwords. Why? Well, since the way
crypt() is used to check passwords is to re-encrypt a supplied
password and then checking it against the one in the password
database, you *can* use a one way hash like MD5 as a password
``crypt'' since you are only ever encrypting. It also gets around
a very tricky situation in the US where you cannot export crypto code.
However, you can export hashing functions ...

So, in general, you are right. However, in this case I believe we are
talking about password functions, and there *is* a relevance to the
comparison.

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message