From owner-freebsd-security  Sat May 30 12:20:37 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA19615
          for freebsd-security-outgoing; Sat, 30 May 1998 12:20:37 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from critter.freebsd.dk ([195.8.133.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA19600
          for <freebsd-security@FreeBSD.ORG>; Sat, 30 May 1998 12:20:13 -0700 (PDT)
          (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.8.7/8.8.5) with ESMTP id VAA20475;
	Sat, 30 May 1998 21:18:28 +0200 (CEST)
To: Eivind Eklund <eivind@yes.no>
cc: "J.A. Terranson" <sysadmin@mfn.org>,
        "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: MD5 v. DES? 
In-reply-to: Your message of "Sat, 30 May 1998 20:32:04 +0200."
             <19980530203204.34537@follo.net> 
Date: Sat, 30 May 1998 21:18:27 +0200
Message-ID: <20473.896555907@critter.freebsd.dk>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <19980530203204.34537@follo.net>, Eivind Eklund writes:
>On Sat, May 30, 1998 at 12:07:57PM -0500, J.A. Terranson wrote:

>Apart from that, my ideal hash for a password file is one based on
>searching for public keys.  It'd go like this:
>(1) Salt the password
>(2) Use a cheap one-way hash to create a start value for a
>    pseudo-random function (e.g, an LFSR)
>(3) Use the random-function to do a deterministic search for a
>    public/private key pair
>(4) Store the salt and the public part of the key as the hash

I have been considering if we shouldn't introduce a 

	int checkuserpassword(char *user, char *password);

in some library, rather than having all these programs know that
you should strcmp after calling crypt().  This would allow us to
do what you propose or RADIUS authentication for that matter...

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
"ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message