From: Wes Peters - Softweyr LLC
Message-Id: <199804212346.RAA24929@xmission.xmission.com>
Subject: Re: md5, des, et al.
To: jaitken@dimension.net
Date: Tue, 21 Apr 1998 17:46:37 -0600 (MDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <199804211812.OAA27421@gizmo.dimension.net> from "Jeff Aitken" at Apr 21, 98 02:12:49 pm

> A recent poster (sorry, I deleted the message, so I don't remember
> who) said something about using dlopen() and friends (we'll assume
> for argument's sake that that will work flawlessly).
>
> However, doesn't any solution involving shared {libraries,object code}
> merely solve half of the problem? Suppose you have md5.so, des.so,
> blowfish.so, and foobar.so. Obviously, you can now decrypt
> passwords encrypted with DES, MD5, etc. However, when a user
> changes his or her password, which scheme is used to generate the
> new password?

Simple. If a user wants to change her password, use the same encryption method currently used on her password.

The difficulty starts when you're creating a new password. By default, use the encryption method suggested in /etc/login.conf (or /etc/passwd.conf if you wish).
It would also be necessary to extend passwd with an option to specify the encryption to use, for creating new accounts and for changing the encryption format (if allowed by /etc/{passwd,login}.conf).

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
http://www.xmission.com/~softweyr
softweyr@xmission.com
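The selection policy described in the message above, written out as an added C example (not part of the original post and not FreeBSD's own code). The function names, the `allow_change` flag standing in for the configuration permission, and the mapping from stored-hash format to scheme (`$1$` for MD5, `$2` for Blowfish, a 13-character field for DES) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Scheme names come from the thread; the hash-format mapping is an assumption. */
static const char *const KNOWN[] = { "des", "md5", "blowfish" };
#define DES_SET "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

static const char *canonical(const char *name)
{
    for (size_t i = 0; name && i < sizeof KNOWN / sizeof KNOWN[0]; i++)
        if (strcmp(name, KNOWN[i]) == 0)
            return KNOWN[i];
    return NULL;
}

/* Scheme of a stored hash; NULL for empty, locked ("*") or unknown formats. */
const char *scheme_of_hash(const char *hash)
{
    if (hash == NULL)
        return NULL;
    if (strncmp(hash, "$1$", 3) == 0)
        return "md5";
    if (strncmp(hash, "$2", 2) == 0)
        return "blowfish";
    if (strlen(hash) == 13 && strspn(hash, DES_SET) == 13)
        return "des";
    return NULL;
}

/* current_hash is NULL for a new account; requested is NULL when no scheme
 * option was given. Returns the scheme to use, or NULL to refuse. */
const char *choose_scheme(const char *current_hash, const char *requested,
                          const char *conf_default, int allow_change)
{
    const char *cur = scheme_of_hash(current_hash);
    if (requested == NULL)          /* plain change keeps the current scheme */
        return cur ? cur : canonical(conf_default);
    const char *req = canonical(requested);
    if (req == NULL)
        return NULL;                /* unknown scheme name: never guess */
    if (cur && strcmp(cur, req) != 0 && !allow_change)
        return NULL;                /* format change forbidden by config */
    return req;
}

int main(void)
{   /* Constructed 13-character DES-style field; configured default is md5. */
    const char *s = choose_scheme("ab01234567890", NULL, "md5", 0);
    return puts(s ? s : "(refused)") == EOF;
}
```

Refusing rather than falling back when the requested or configured scheme is unknown keeps a typo in the option or the configuration file from silently moving an account to a different scheme.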