Date:      Tue, 21 Apr 1998 17:46:37 -0600 (MDT)
From:      Wes Peters - Softweyr LLC <softweyr@xmission.com>
To:        jaitken@dimension.net
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: md5, des, et al.
Message-ID:  <199804212346.RAA24929@xmission.xmission.com>
In-Reply-To: <199804211812.OAA27421@gizmo.dimension.net> from "Jeff Aitken" at Apr 21, 98 02:12:49 pm

> A recent poster (sorry, I deleted the message, so I don't remember
> who) said something about using dlopen() and friends (we'll assume
> for argument's sake that that will work flawlessly).  
> 
> However, doesn't any solution involving shared {libraries,object code}
> merely solve half of the problem?  Suppose you have md5.so, des.so,
> blowfish.so, and foobar.so.  Obviously, you can now decrypt
> passwords encrypted with DES, MD5, etc.  However, when a user
> changes his or her password, which scheme is used to generate the
> new password?

Simple.  If a user wants to change her password, use the same
encryption method currently used on her password.  The difficulty
starts when you're creating a new password.  By default, use the
encryption method suggested in /etc/login.conf (or /etc/passwd.conf if
you wish).  It would also be necessary to extend passwd with an option
to specify the encryption to use, for creating new accounts and for
changing the encryption format (if allowed by
/etc/{passwd,login}.conf).

-- 
          "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                       Softweyr LLC
http://www.xmission.com/~softweyr                       softweyr@xmission.com
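
The selection rule described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's passwd code. The enum, the struct policy fields and both function names are hypothetical; detecting the scheme from the "$1$" / "$2" prefixes and the 13-character DES form is an assumption based on the modular crypt convention, and honouring a requested scheme for a new account regardless of the policy flag is one reading of the message.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical scheme identifiers; the names are illustrative only. */
enum scheme { SCH_UNKNOWN, SCH_DES, SCH_MD5, SCH_BLOWFISH };

/* Hypothetical policy, standing in for values read from /etc/login.conf. */
struct policy {
    enum scheme default_scheme;  /* scheme for brand-new passwords */
    int allow_format_change;     /* may an existing hash switch scheme? */
};

/* Identify the scheme of a stored hash (assumed modular crypt prefixes). */
enum scheme scheme_of_hash(const char *hash)
{
    if (hash == NULL || *hash == '\0' || *hash == '*' || *hash == '!')
        return SCH_UNKNOWN;              /* no usable hash: treat as new */
    if (strncmp(hash, "$1$", 3) == 0)
        return SCH_MD5;
    if (strncmp(hash, "$2", 2) == 0)
        return SCH_BLOWFISH;
    if (hash[0] != '$' && strlen(hash) == 13)
        return SCH_DES;                  /* traditional 13-character form */
    return SCH_UNKNOWN;
}

/* Pick the scheme for the new hash. 'requested' is the scheme named with
 * the proposed passwd option, or SCH_UNKNOWN when none was given. */
enum scheme choose_scheme(const char *current_hash, enum scheme requested,
                          const struct policy *pol)
{
    enum scheme cur = scheme_of_hash(current_hash);

    if (requested != SCH_UNKNOWN &&
        (cur == SCH_UNKNOWN || pol->allow_format_change))
        return requested;                /* new account or permitted switch */
    if (cur != SCH_UNKNOWN)
        return cur;                      /* change: keep the current scheme */
    return pol->default_scheme;          /* new password: configured default */
}

int main(void)
{
    struct policy pol = { SCH_MD5, 0 };
    const char *old = "abJnggxhB/yWI";   /* constructed 13-char sample */
    printf("change, no option: %d\n", choose_scheme(old, SCH_UNKNOWN, &pol));
    printf("new account:       %d\n", choose_scheme(NULL, SCH_UNKNOWN, &pol));
    return 0;
}
```

Under this rule an account whose hash is DES stays on DES across every password change unless the format-change option is both permitted and used.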
